Cybersecurity for Employees Working from Home

Travelers umbrella logo.
By Travelers Risk Control
3 minutes
Cyber Resources
System protected from cyber extortion

Due to work-life balance or other business considerations, more employees are working from home more than ever before. While remote work may offer benefits to both the employee and employer, there are potential cybersecurity risks when employees work from locations outside of the office. To help minimize these risks, consider these precautions:

Employer 

Use a Virtual Private Network (VPN), not Remote Desktop Protocol (RDP).

The use of a VPN is a fundamental safeguard when users access the company's network via their home WiFi. A VPN allows for encryption of data, which adds a level of protection for information such as passwords, credit card numbers and other sensitive or private information. A VPN can also provide a level of anonymity through capabilities such as masking of location data, website history and IP addresses.  Employers should avoid using the RDP on their network. RDP may be an expedient option, but it is not a secure solution.

Implement Multifactor Authentication (MFA). 

The basic principle of MFA is that an authorized user must provide more than one method of validating their identity. Even if a cyber attacker has obtained a user ID and password, MFA decreases the risk that an attacker can gain access by requiring an additional means of validation. Commonly, the factors correlate to something you have (e.g., an authenticator app on a smartphone), something you are (e.g., a fingerprint) or something you know (e.g., a PIN). For more information on the best way to implement MFA at your company, reach out to your technology staff and/or managed service provider.

Ensure remote work practices comply with internal and external policies, laws and regulations.

It is important for companies to understand their regulatory environment and ensure that remote work maintains compliance. It is possible that some roles within a company will not be suited to remote work, in which case companies should be clear with staff about remote work expectations and permissibility. For example, some teleconferencing software may not be HIPAA compliant for use by a medical provider
because the software does not encrypt personal health information (PHI). Identify and address risks with storing business information in personal cloud storage or printing on home printers, etc.

Ensure systems, software, technologies and devices are updated with the latest security patches.

Employers should track the equipment to be used in a home environment and provide a means of updating software security patches. The National Institute for Standards and Technology (NIST) provides a National Vulnerability Database that offers information on vulnerabilities from many vendors. For more information about patch management and best practices to consider, reference the NIST Guide to Enterprise Patch Management Technologies.

Employees

Prevent unauthorized users on company resources (e.g., laptops, mobile devices).

Employees should not allow anyone to access company resources, including family members. Whenever possible, use a private location if you are on a call or in a meeting that involves sensitive information, such as anything HIPAA-related.

Use only company-authorized devices for remote work.

Personal devices may not have the same level of security and privacy protections as company devices. If your company has a "Bring Your Own Device" policy, be sure that your use of a personal device is in accordance with that policy. This includes home printers and personal email accounts. It may seem convenient to print work documents on your home printer or send emails to your personal device, but these actions may put your company at risk and violate company policies. Be aware of "shortcuts," such as taking photos of company documents with your personal phone as an alternative to scanning them, as these shortcuts may introduce privacy and security risks.

Dispose of company documents properly.

Review your company's records retention and management policies, as well as information management policies, to ensure compliance. If you must dispose of hard copies of company documents, either shred them or securely retain them for proper disposal when you return to the office. Protect physical documents that must be retained as best you can. For more cybersecurity best practices while working remotely, see the NIST publication Guide to Enterprise Telework, Remote Access and Bring Your Own Device (BYOD) Security

Cyber security graphic icons on a screen.

Top Stories

5 Ways to Help Protect Your Company's Data

Employee error is a common cause of business data breaches. Get employee information security tips from Travelers to help avoid data breaches.

Learn More

Related Products & Services

Travelers Risk Control: Loss prevention tips, tactics and lessons

Travelers industry-leading Risk Control team provides extensive safety and risk management content, tools and education.

More Prepare & Prevent

More Prepare & Prevent

How to Set Up Your Home Office

If you work from home, properly setting up your home office can help avoid painful injuries and time lost from work in the future.

Woman sitting at computer in home office
5 minutes

More Prepare & Prevent

Ergonomics in the Modern Office

The modern office sees new ways for employees to be productive, like exercise balls and standing desks. The improper use of these devices can lead to discomfort and injuries.

Woman sitting on exercise ball in modern office.
4 minutes

More Prepare & Prevent

The Modern Office Brings Emerging Risks

Modern office trends, such as mobile device use and work and play activities, bring new safety risks.

Woman sitting at home office in front of laptop.
2 minutes
Explore More Articles