18 security tips for remote working

At the peak of the pandemic, the UK undoubtedly saw a huge surge in homeworking. In fact, during the 2020 lockdown, a staggering 37% of the population worked remotely at some point. Now, the Covid-19 pandemic has left a lasting impact, with approximately 44% of the UK workforce working hybrid or full time remote in 2023. These continued figures indicate a clear shift in our working styles to a more technologically driven, out-of-office workspace. However, this also means that our businesses’ remote working systems and their security must adapt to protect sensitive information.

Establishing business security is crucial, especially when your employees are working off-premises. Whether it’s at home or their local coffee shop, remote working can expose your technology, data, IP, and confidential customer information to potential security risks. This can jeopardize the wellbeing of your entire enterprise and have serious consequences for your business’ future operations. Therefore, a major challenge when implementing safe remote working is ensuring your employees staying connected with your business, whilst working securely.

But understandably remote working can deliver countless benefits for you and your employees. It can help your business access wider talent pools, as well as allow for flexible employee arrangements. So, here we offer some expert security tips to help you stay safe whilst leveraging the business benefits of remote working.

Read on to discover our 18 security tips for your team, so you can ensure secure working practices, and let your employees stay productive remotely.

Remote working security from a wide range of online threats

When you consider your current business security policies, they may include cyber awareness training and employee safety practices. The same applies to your remote working teams. It’s important to translate some of those policies to remote working to empower your WFA employees to recognise potential security threats. So, before delving into our top security tips, we’d like to make you aware of three threats specific to remote working:

Unsecured Wi-Fi networks

While most of your remote employees will be working from home where they can secure their WiFi, others may be working in public spaces. This means they are most likely using unsecured public networks for internet access. Unfortunately, these are prime spots for cybercriminals to survey online traffic and steal confidential information.

Using personal devices and networks

When your remote teams use their own devices and home network, it’s unlikely these will have the same defences you rely on back at the office. These may include added antivirus software, firewalls, and automatic data backup. As a result, the lack of security features will dramatically increase the risk of malware infecting their devices. This not only affects their technology but poses a threat to your business network and any work-related files stored.

Remote worker scams

Rackets and scams targeting home workers – ranging from phishing to work-from-home scams – are increasingly common. Hackers often employ social engineering tactics to trick users into giving up personal and sensitive information. Some of the lesser-known threats include fake VPN advertisements and man-in-the-middle attacks.

With the right knowledge, support and security tools your people can work remotely and safely

Not every organisation is prepared for remote working, so here’s 18 security tips to help you and your employees stay secure:

1. Ensure it’s fast and simple for your people to get started

Your remote team will first need to set up their devices and all work-related digital services. The basics may include business e-mail and internal applications However, they’ll need to be able to set up without access to in-person IT specialists.

Look for software and products that offer a Self-Service Portal (SSP). These will allow users to do things for themselves without the need for in-person intervention. Features can include troubleshooting articles, service requests, ticketing or live chat systems for issues, and automated processes. SSPs can therefore simplify a lot of tasks for remote employees, ensuring they can independently utilise software.

2. Install patches and latest versions to keep devices and systems secure

We all know installing patches and updating to the latest versions can be tedious. However, it is imperative that all your remote devices, operating systems and software applications are up to date. A quick tip is for your employees to schedule their updates to run overnight; this way they won’t be losing any valuable working time. All too often malware breaches are the result of an unpatched weakness or unprotected device.

3. Encrypt everything wherever possible

Incorporating encryption into your remote working policy is an essential layer of security against malicious actors. Devices that aren’t encrypted are particularly vulnerable, especially from the risk of loss or theft.

Note that most devices include native encryption tools such as BitLocker. In addition, communications tools like WhatsApp offer end-to-end encryption, so be sure to enable these features. For extremely sensitive communications, there are even specialised encrypted e-mail providers you can consider integrating.

4. Create a secure connection with a VPN

A Virtual Private Network (VPN) is an important addition to your remote team’s security. It works by encrypting all the data travelling between your employees and your IT infrastructure and office network.

This feature adds a key layer of security to your employees’ remote working devices by hiding their Internet Protocol (IP) address from malicious actors. Your IP address is essentially an identifiable code through which hackers can access your employee devices and the data stored on them. So, by making your IP address invisible, your employees’ devices are given anonymity and business-related data is rendered inaccessible.

A fast, available and reliable VPN is particularly useful for performing bandwidth-hungry tasks or shifting huge amounts of data. This may include holding video conference calls, or utilising data analysis software.

5. Scan and secure e-mail to avoid phishing scams

The fact that more of us are working from home will be increasingly leveraged by cybercriminals. Due to the rise of e-mail communications, businesses should subsequently expect a rise in phishing and spearfishing attacks.

To combat these threats, ensure your e-mail protection is up-to-date and raise awareness of phishing in your organisation. No one should click on, open or download anything that looks even remotely suspicious. Encourage your remote employees to check with the source first, if unsure.

And it’s not just phishing e-mails to worry about. There’s phishing by voicemail (vishing) and text messages (smishing) that are also increasingly used by cybercriminals. Similarly, they use social engineering tactics to steal personal information or gain access to your company accounts.

Here are some common ways to spot phishing e-mails:

• The sender’s e-mail address has spelling errors
• Poor grammar in the subject line and the body copy
• Style errors which point to a non-English speaker
• The lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates)
• Misspelled domain names
• No ‘About’ page or contact information on the website

6. Enable web filtering

By applying web filtering rules on your devices, you can ensure that your people only access appropriate work-related content. These web features are also incorporated into anti-malware software, blocking access to known malware-ridden sites. Therefore, configuring web filters will not only help maintain productivity levels, but also protect employee devices from malicious websites.

7. Back up using cloud storage for files and data

Valuable data can be lost or compromised in countless ways. From human error and physical damage to a unprecedented cyberattack  that can lock up or wipe out entire systems, you must be able to retrieve your data.

Cloud storage enables your employees to still access their data if their device fails while working remotely. Additionally, the cloud offers great flexibility and customisation. Just make sure your cloud database is protected with multi-factor authentication, so only the authorised personnel can access it. Finally, remember to delete obsolete data and files, as these can take up a lot of needed storage space.

8. Control the use of mobile devices, removable storage, and other peripherals

Simply having remote teams increases the likelihood that employees will connect insecure mobile devices to your business network. In fact, according to 2024 UK government stats, device loss accounts for 17% of all recent data breaches.

So, we recommend you use device control within your endpoint management solution to mitigate the risk of breaches. Your business should also be ready to identify, lock or wipe technology if you need to.

9. Lock devices – especially when out and about

As an addition to the above advice, if your people do work in public spaces from time to time, then it’s vitally important that they keep their device secure. This means not simply installing anti-virus software but strengthening password security.

Passcode-locking a device will help prevent information from being read or stolen when away from it in public. Furthermore, certain configurations will encrypt the content until someone enters correct the password or passcode.

10. Discourage ‘Shadow IT’ solutions

A huge security problem in remote working organisations is the presence of Shadow IT solutions. This is where non-IT staff find their own ways of solving issues without the approval of your IT team. Often, this occurs as your employees may not have constant professional IT support when working from home. Therefore, they may download software or utilise hardware for work which is unapproved by your business’ IT administrator.

Although, it may seem strict, unconfigured hardware or software can have disastrous results for your business security. Moreover, Shadow IT may be non-compliant with industry regulations or internal security policies, leading to significant fines.

11. Have your people secure their home routers

If your work from home employees haven’t changed their router passwords from when they were first installed, their home network will be significantly more vulnerable. As a result, it will be easier for malicious parties to access their network.

Have your team change their router passwords and ensure all firmware updates are installed so that any security vulnerabilities are patched. Their router’s encryption should be set to WPA2 or WPA3 and they should switch off WPS. For more specific information on this topic, they should consult with their Internet Services Provider (ISP).

12. Establish and demand password best practice

Whether your team are working in the office or at home, best security practice begins with strong passwords. Unfortunately, many of us use the same password for accounts, apps and devices. This makes it much easier for a cybercriminal to gain access, as all it takes is one compromised password to have free reign. Such tactics are called credential stuffing, where hackers can gain access to multiple accounts and countless sensitive data stored.

To prevent this type of attack, passwords should always be unique, never shared and regularly updated for every account. They should be comprised of a long string of upper- and lower-case letters, numbers and special characters. Understandably, it can be difficult to keep track of all these long and complex passwords. A quick and useful investment is a password manager; this enables everyone to create new passwords, control them and remember existing ones.

13. Go beyond password security with two-factor authentication

Sometimes you must go beyond strong passwords to enhance your business security. Enable two-factor authentication (2FA) or two-step verification (2SV) for your remote working devices. Both features involve an additional step at account login to add an extra layer of protection. Essentially, they make sure only authorised personnel have access to the systems, applications, devices, and information they should.

It shouldn’t complicate log in – all you need is an extra minute and a second device for authentication. The extra step is typically a simple e-mail or text message confirmation, or a biometric method such as facial recognition or fingerprint scan.

14. Install firewalls

Firewalls give your remote devices a first line of defence, operating by creating a barrier between your devices and the Internet. This closes any opportunity for interference or ports to communication. Ultimately, this helps prevent malicious programs entering, and mitigate the risk of data leaks.

Usually, your device’s operating system will have a built-in firewall, as will hardware like a home router. Just ensure these tools are enabled to protect your business data.

15. Install antivirus software

You must assume that a cyber threat will eventually breach your firewalls, so investing in the appropriate antivirus software is always money well spent. Think of this preventative software as your second line of defence.

Antivirus software will detect, and block known malware from harming your infrastructure, and therefore protect the data stored on it. Sometimes your software will even be able to remove it.

16. Be careful with remote desktop tools

To allow your remote workers to access their work via your business networks, it’s possible you’ve integrated Remote Desktop Protocols (RDPs). While there can be secure RDPs, there have been some concerns raised about these tools. So, ensure you do your research before implementing them, as it pays to choose yours carefully.

17. Work-from-home scams

Work-from-home scams are dangerous and likely to increase as more of us incorporate flexible and hybrid work styles. They can range from specific spearfishing attacks to advertised work-from-home schemes that require upfront payment or excessive personal information to start.

Nobody in your business should ever share personal information with or make a payment of any kind to any individual or organisation they haven’t thoroughly researched. If you or your employees have any doubts or suspicions about an unauthorised individual or organisation, do not give up any personal data or authorise payments.

Do warn your people about some of the sophisticated multi-level-marketing (MLM) scams out there. Also known as “pyramid schemes”, these are often well-disguised as credible, legitimate and attractive work-from-home opportunities.

18. Resources and reporting

Make sure your remote working team have clear and easy to use resources. This could be an appointed individual or support team to go to for any questions, concerns or to report a suspicious activity or security breach. An easy-to-remember e-mail address or phone number is a good place to start.

Cultivate an environment where honesty and sharing are encouraged. This will help prevent employees from covering up mistakes in panic, only to make a risky situation worse.

A few words from our co-founder Luis Navarro

I hope everyone is well and healthy. The COVID-19 crisis has made me realise how much I have taken health for granted – we are so preoccupied with our hectic life, work and family matters that our health seems less important than many of the daily things we have to do. My perspective has definitely changed now.

I have been trying to preserve some sense of normality and routine, and that has been very important to me during this time. I wake up very early every day (5:30am) and go for long walks in London to specific landmarks or areas.

Here to help you with remote working security

If you run a small to medium-sized business in London, you’ve already got plenty to think about when it comes to your remote working teams.

As the go-to IT support team for London, when it comes to cybersecurity technology and consultancy, we’re here to help you with any remote working IT difficulties. By utilising best-fit, best-in-class cybersecurity solutions, we work to enhance the employee experience. So, if you’re seeking expert security solutions, please don’t hesitate to call us for a confidential, no-obligation chat about your requirements.