Editorial
Editor's Note: This article was updated on May 20, 2024 to include new data and information. Laura Spawn wrote the original article.
Location flexibility is one of the perks of working remotely. But as telecommuting becomes more of a standard practice, remote work security becomes more of a concern.
From employees using unsecured Wi-Fi networks to workers carrying confidential papers with them to public locations, remote work has added additional levels of security considerations for companies and their data.
According to a 2023 Fortinet survey of 570 organizations around the world, 62% said they had experienced a security breach in the past two to three years due in part to employees working remotely. And IBM found that the average data breach cost is $1 million higher in companies where remote work is common.
6 Remote Work Security Best Practices
Company leaders and their employees share equal accountability in doing what they can to protect their company’s information.
Leaders have a responsibility to educate employees about data security and how everyone is responsible for protecting it. They also need to initiate certain practices and procedures that will strengthen data security within their businesses. On their end, remote workers must prioritize data security education and safe practices, then commit to those measures.
To help both parties protect their data, here are six best security practices for working remotely.
1. Establish a Remote Working Security Policy
The first step in protecting company data is to make sure all employees know that data security is a priority. Though it may be difficult to believe, some employees might still not be aware that data security is something they should be concerned about. For instance, some may assume that if they are not working directly with customer data or if they are not operating at an upper level within the company hierarchy, then they don’t need to worry about data security. Organizations cannot assume their employees know anything about remote workforce security or their role in it.
The best place to begin is by establishing a remote working security policy or cybersecurity policy. Require all new and existing employees to review and sign the policy, regardless of whether they work remotely or not.
The policy document should cover the reasoning behind having a policy in the first place, as well as details outlining all of the various security protocols employees are expected to comply with, how the company will support them in complying (i.e., which tools and resources they will provide) and a place for the employee to sign their commitment to following the policy.
Everyone in the company must take ownership in protecting employer data, and by having an established policy in place, all employees — remote or not — will be on the same page as to what the expectations are.
Related Article: 3 Strategies for Safe Collaboration in the Cloud
2. Ensure All Internet Connections Are Secure
Using an unsecured home or remote Wi-Fi network is the most common way to expose your company to a data security breach, according to the Fortinet survey.
Everyone understands the need to get out of the house every now and then as a remote worker, and the lure of your local coffee shop — with the comradery of other digital workplace employees and your favorite hot beverage — can be the perfect break. The last thing you want to do as an employer is forbid employees from working where they feel most energized and motivated. In this case, your remote workers simply need to be educated about how to make sure they can keep the company's data secure while working from their favorite spot.
The easiest solution is to require the use of a virtual private network (VPN). Using VPNs before signing on to public Wi-Fi networks encrypts the internet traffic of the remote worker and monitors for any signs of infection. This way, remote workers can still get out of the house when they feel isolated, and companies can feel better about the security of their data.
A note of caution: not all VPNs are created equal. To ensure truly secure remote work, verify the VPN you are using covers all of the factors you need it to and not just last-mile encryption. After you decide the standards you want, review the provider's reputation and conduct a cost comparison.
3. Keep Passwords Strong and Varied — and Use a Password Manager
Password safety is another relatively easy way of securing remote workers. Many people joke about password safety, admitting they use the same password from device to device and program to program, but educating remote workers about password protection is key to securing your company’s data.
Offering password security training can be another step in cybersecurity training for employees. Start with the basics of how to keep passwords strong and why it’s so important to not use the same one over and over again.
Another way for organizations and employees to mitigate this risk is by using a password manager that can randomly generate passwords for you and store all of your passwords safely. Then, employees won’t struggle to remember all of their different passwords for different programs, and the company will benefit from an added layer of security.
Related Article: It's Time to Reevaluate Your Cybersecurity Strategy
4. Rely on Two-Factor Authentication
Many organizations are transitioning to two-factor authentication (2FA) to secure remote working. The 2FA method confirms a user’s identity by first requiring a username and password, and then another piece of information, such as the answer to a “secret question” or a PIN sent to their cell phone.
Passwords can often be compromised or stolen, but with 2FA, there are fewer chances that someone would also have the additional security question’s answer or PIN. This added layer in the security process can provide remote workers and their organizations the peace of mind they need in this digital age, when passwords just aren’t enough anymore.
Conference
Oct
20
Gartner IT Symposium/Xpo Orlando 2025
Register
Conference
Oct
27
Gartner HR Symposium/Xpo Orlando 2025
Register
To take it a step further, companies may also consider multi-factor authentication, which requires additional verification that might include biometrics like retina, voice or fingerprint recognition. The authentication is definitely more complex — and more expensive — but it could be worth it depending on the level of security an organization needs.
5. Use Encryption Software
Using encryption software is another avenue for securing remote workforces. If an employee’s device is stolen or lost, the information on that device can find its way into the wrong hands and expose the company to data breaches and vulnerabilities. Encryption software can protect company data by barring access from any unauthorized users of those devices.
Additionally, businesses should be mindful that any programs used for chat, email or applications should utilize end-to-end encryption. Popular programs like Microsoft Office and Adobe Acrobat, for instance, can easily encrypt files and documents that your remote workers use and share with coworkers.
Related Article: Generative AI Is Changing Work. Your Cybersecurity Training Should Change With It
6. Don't Forget Firewalls, Antivirus Software and Anti-Malware
Organizations should require remote workers to have up-to-date firewalls, antivirus software and anti-malware on all their devices — including cell phones and tablets, in addition to their laptops. Companies may also want to consider having the ability to remotely wipe devices in case they are lost or stolen. Mobile device management platforms can perform most or all of these services, allowing remote workers to continue to use their own devices while ensuring the safety of company data.
Remote workers may need assistance from their employer in making sure their devices have these protections installed. Employees don't all have the same level of technical expertise, so organizations concerned about their data security should be prepared to offer technical support. This could mean establishing partnerships with local tech support services near remote workers, designating a tech-savvy individual at the company who can take on the responsibility, or building a centralized internal tech support team that can walk employees through the necessary processes.
Protect Your Organization With Remote Work Security
Remote work does not have to jeopardize data security. Once remote workers are educated and remote work security best practices are implemented, they can quickly become standard practices that everyone in a company can commit to with ease — and everyone within the organization can feel confident that they are doing all they can do to protect the security of their employer’s data.
Learn how you can join our contributor community.
