The new normal: What employees need to know for long-term work from home security

June 25, 2020
Current remote work landscape brought about by pandemic will require active participation from all involved to ensure organizational cybersecurity

Millions of people around the world have been working remotely for several months now. Daily routines look different for every employee, whether they log on first thing to check emails, or if they’re juggling calls in between homeschooling children or caring for an elderly parent.  

While workers adjust to the new normal, employers are also reevaluating their approach to remote work and how to secure a remote workforce. IT teams had to tackle priority items like scaling network capacity and deploying video conferencing software, and now they’re preparing for long-term remote work. This is new territory for both employees and IT teams, but cybersecurity requires active participation from every person to maintain a secure work environment. 

For employees who don’t know where to start, and for IT teams trying to manage a fully remote workforce, it is important to know your role in safe and secure remote work.  

Habits to Practice as a Remote Worker

First, make sure you know your company’s remote work security policy and the recommendations they share. Second, continue following all typical cybersecurity best practices—check the address of unknown senders before opening an email, use strong passwords, don’t click on any suspicious links, and use company-approved software. Third, treat your home workspace as you would your regular office desk. Sign out of your laptop or desktop every time you walk away—you never know if your cat or toddler will accidentally stroke the keyboard and hit send on an errant email. Fourth, enable multi-factor authentication across your devices. Multi-factor authentication is an additional step to verify your identity, where you will be prompted to confirm your login via a secondary text or email, an authenticator app, or biometric data such as a fingerprint or retina scan.  

Following these practices will make your device a secure endpoint and help to mitigate any security gaps that malicious attackers are trying to manipulate. 

Ensuring Your Device is Secure

In the office you may not think twice about how secure your device is, but in a remote work environment, it’s critical to protect both the endpoints and the network. Your business leaders and IT teams should communicate often about security requirements for working from home. Following these requirements should help protect you and the business you work for. One of the most common areas of risk is the home router; in fact, over 80% of home office routers have been found to be vulnerable to cyberattacks, according to the American Consumer Institute Wi-Fi Router Vulnerabilities Report. Ensure you’ve changed the default password on your home router and consider separate network for your work computer if your home router supports it. 

Keep a check list handy with some simple dos and don’ts; 

  • DO: 

        o    Only connect to trusted Wi-Fi connections and networks. 

        o    Only install approved applications on your corporate laptop.  

        o    Maintain communication between your co-workers and manager. 

        o    Inform IT immediately if suspicious activity on a computer is observed. 

        o    Make sure there is an endpoint security tool installed on your computer and that it is updated and configured correctly.  

        o    Make sure your End Point Protection service can be synced without cloud connectivity, if possible. 

  • DON’T:  

        o    Share your corporate laptops with anyone, even family members. 

        o    Don’t connect to a public Wi-Fi.   

        o    Don’t save any company confidential information to your personal accounts. 

        o    Don’t leave your computer unlocked at any time, even at home.  

        o    Don’t save any company passwords to your personal web browser. 

Securely Collaborating with Employees

The most obvious change of remote work is the loss of in-person meetings and casual conversation with colleagues. But our new virtual offices give us the opportunity to collaborate with even more coworkers, who are now just a video meeting away. Before you sign up for a file transfer or messaging software, make sure you’re always using your business’ approved collaboration tools. Your company should use enterprise versions of email, filesharing software and video conferencing that are already installed on your company device. As an extra layer of security, many laptops now come with built-in software that scan for malicious links and corrupted files to prevent the spread of outside threats. If you are using a personal device, like a mobile phone, make sure you enable multi-factor authentication and only access work materials through approved apps and websites. As tricky as it can be right now, it’s critical to use secure tools that protect yourself and coworkers.   

This is a difficult time to navigate personal and professional demands and security may not be top of mind for employees adjusting to a remote work setup. As we prepare for the unforeseen future of remote working, it is critical for IT teams to not only deploy additional security measures, but to educate employees on their role in maintaining corporate security. The security measures that are adopted now will only continue to serve us when we do move back into offices. More importantly, though, they will help us empower the hybrid remote workforce of our future.  

Michael Howard is head of HP Inc.’s Security and Analytics Practice