By: Roberto Almanza

Every January we recognize National Home Office Safety & Security Week. At Axiad, this week has always been useful to get us thinking about how we can help keep our remote workers secure. However, in the past year it’s become more important than ever, and not just for us. Over two-thirds of companies have moved the majority of their workforce to remote and over a quarter plan to create a flexible “work from anywhere” policy where employees can choose to work from home or the office.

If you’re one of these employees, you might be worried about the increase of cybersecurity threats for remote workers, and how you can protect yourself and your data from home. Our Axiad IT team works hard to educate our workforce on the best ways to stay secure, and have compiled our top tips on what employees can do to ensure home office security.

#1: Get in the Routine of Staying Alert  

Working from home has many challenges. Whether you have children at home, roommates working in the next room, or even a demanding pet, it’s easy to get distracted. Although you might naturally feel safe at home, leaving devices unlocked or private information out in the open can lead to major security issues for you and your company. Since many distractions are out of your control, we recommend implementing small routines to stay vigilant no matter where you’re working.

One way you can do this is to get in the habit of locking your computer or other devices whenever you step away from your workspace. This is something most of us are used to doing in the office but don’t think to do when we’re taking the dog for a walk or making the kids lunch. Even if you live with family or people you trust, you shouldn’t drop your guard and become complacent about your security. At the minimum, your computer and mobile devices should automatically lock after a period of inactivity.

Another secure action you can take is to keep your confidential information out of sight, especially during video conferences – whether it’s on your computer or around your workspace. If you have personal or company information in the background of your webcam or on your shared screen, you’re leaving yourself and your company open to risk.

Although these threats might seem unlikely, it’s best to stay on the safe side. And once you do return to the office or start working from public places, they’re important routines you should be used to.

#2 Utilize Your Company-Issued Devices

While some habits can help improve your at-home security, other habits can put you at risk. Working remotely often blurs the lines between home and work – employees tend to work in their living space, surrounded by family or roommates, and ultimately work longer days. This mixing of the two worlds can lead to the mixing of personal and work devices as well. In fact, more than 50% of workers have been using their personal laptops for work since the pandemic.

Occasionally logging into your work applications on your phone or personal laptop might not seem like a big deal, but can lead to major risks. While work devices often only have company-approved applications on them, personal devices tend to have many other apps. If one of those apps is malicious or has security flaws, your company data is put at risk.

Your personal devices might have their own security software, but IT teams work hard to deploy the best security software and tools to keep your work devices safe. It’s ultimately safer to leave your personal laptop and phone aside during work hours, and only work from your company-issued devices at home.

#3 Don’t fall for phishing

Phishing emails are currently top-of-mind for our Axiad team, and for many other companies. In the first few months of the pandemic, phishing attacks jumped by almost a third.

Why is this? Many of these scams were related to Covid-19, tricking employees into sharing their personal details to get new updates on the virus. Other scams could be impersonations of your co-workers – because remote workers can’t speak face-to-face, hackers try to get them to share private information via email instead. These emails often are urgent requests for help, causing users to quickly react and share confidential data before checking if the sender is legitimate. The distraction we mentioned before also plays into this – remote workers are more likely to not check emails for signs of phishing and give over their information.

Although your IT team can provide you with the latest anti-malware software, hackers are usually one step ahead. As a user, the best thing you can do to prevent these attacks is to slow down, be vigilant, and check each email for anything suspicious. Do you know the sender? Is that their correct email address? Is the sender asking you for private information that usually shouldn’t be shared online?

If you’re unsure if an email is legitimate or not, contact the person you think the email is from separately, to confirm it’s them. Here at Axiad, we digitally sign all our emails. This legitimizes our employees’ emails, so if we receive an email supposedly from a colleague that isn’t digitally signed, we know immediately that it is suspicious. This helps our team to stay alert to potential fraud and encourages employees to quickly report issues to IT.

#4 Keep your credentials up to date

One of the greatest threats to your remote security is misuse or abuse of your login credentials, which ultimately causes 80% of security breaches.  This is often because employees are using easy-to-guess or repetitive passwords that are popular targets for hackers. Many times, breaches happen when users lose or inadvertently share their credentials. Previously when this happened in the office, employees could simply walk over to the IT desk. Now they need to contact IT for a one-time password, which can be easy for hackers to intercept.

Part of the solution to this problem rests with your IT team. They need to ensure you have strong authentication methods that require multi-factor authentication to verify your identity and are difficult for hackers to steal. They also need to make sure these tools are simple for you to manage – each credential often comes with its own platform and lifecycle, which can lead to confusion for employees.  A simple and secure platform like Axiad Cloud allows users to manage all of their credentials in one platform without sacrificing security, reducing the chances of users losing track of them or exposing them for unauthorized use.

No matter what authentication solution your company uses, you should hold yourself accountable for your login credentials. If you still use only passwords for some of your applications, make sure they are unique and difficult for a hacker to guess. If you have other credentials like a smart card or hardware token, store them in a secure place and set yourself reminders for when they will expire. Keeping track of your credentials will help keep you from getting locked out of your system, and keep hackers from getting in.

#5 Stay on the lookout for security updates

With new security threats to remote workers appearing every day, company policies need to change frequently to keep up. It can often feel overwhelming as an employee to keep track of these changes and know you’re doing everything you can to stay secure.

The best way to stay on top of these changes is to take part in your company’s security awareness training and take it seriously. Unfortunately, many companies have been inundated with other issues during the pandemic and have not made security training a priority. Over 40% of companies have not provided any training focused on remote work, and 32% of employees have received no training at all in the last six months.

Moving forward, IT leaders will need to make training a priority and ensure their employees are complying with their latest policies. Solutions like Airlock can restrict employee access to company applications until they have taken necessary training or read updates to policies. This can help make sure all employees are following the latest best practices.

If you haven’t received the security training you think you need, don’t be afraid to reach out to your IT team. Here at Axiad, we encourage our employees to come to us with any questions or requests for additional security resources. The year might be filled with some uncertainty, but we want remote workers to feel certain that they are secure.

About the Author

Roberto Almanza is the IT Administrator at Axiad.