Work-From-Home Safety Checklist: Securing Your Virtual Workspace
Written by: University of Tulsa • Dec 8, 2023
The number of workers based mainly in their homes tripled between 2019 and 2021, and the number continues to skyrocket. A U.S. Census Bureau survey shows that, in 2021, 27.6 million people — representing about 18% of workers — worked primarily from their homes. In 2019, the number of remote workers was 9 million, around 6% of the workforce.
By 2022, a survey from management consulting firm McKinsey & Co. found that 58% of American workers had the option of working from home at least part of the time. That percentage represents 92 million people.
The opportunity to work remotely offers myriad benefits to workers and employers, but it also presents security risks that range from network vulnerabilities to phishing attacks. The data breaches that can result from those vulnerabilities are often costly.
To protect themselves from these security risks, employees should adhere to a work-from-home safety checklist. From encryption to updates, password protection to two-factor authentication, following common work-from-home safety tips can help ensure remote workers keep their data and networks secure.
Why Is Work-From-Home Safety Important? ¶
Whether they’re working in a corporate office or a corner of their living room, many of today’s employees rely on virtual workspaces to do their jobs. In these workspaces, people connect to others digitally, relying on technology to communicate and share data and other materials.
In corporate offices, workspaces generally have the support of centralized cybersecurity protocols that guard against unauthorized access to this data. Corporate cybersecurity protects networks, applications, and devices.
But businesses cannot control every facet of an employee’s work area at home. Without interventions from the worker and their employer that protect them while they’re working remotely, the employee’s digital equipment — and the data it transmits — could be vulnerable to unauthorized access.
Work-From-Home Cybersecurity Risks ¶
When an employee performs their tasks in a virtual workspace at a remote location, they may use an unsecured network or fail to take precautions that could prevent a cyber attack. Whether they lack awareness of best practices for digital security or fall prey to human error, workers can face the following cybersecurity risks associated with working from home:
- Unprotected Wi-Fi networks — Connecting to corporate systems through unsecured Wi-Fi networks, including public networks, that are not protected against data breaches
- Weak passwords — Choosing passwords that are obvious, placing entire networks at risk of unauthorized access
- Unsecured personal devices — Conducting business using a personal device, such as a laptop or smartphone, that does not have cybersecurity protections
- Phishing attacks — Unwittingly clicking on a link that installs malicious software, or malware, on the device being used, allowing a cybercriminal to steal data or damage the device or its system
- Computer viruses — Relying on technology and behaviors that leave devices prone to viruses, including malware that can replicate and spread to other devices
- Unencrypted file transmission — Sharing confidential information in files that are not encrypted to protect sensitive data
Work-From-Home Dangers: Key Statistics ¶
Work-from-home cybersecurity risks are pervasive, and they can be costly. Following are resources that illustrate the importance of protecting against these risks:
- Alliance Virtual Offices, “Working From Home Increases Cyberattack Frequency by 238%” — Cyber attacks have increased dramatically since the start of the COVID-19 pandemic in 2020, according to this 2023 report, yet 44% of remote workers receive cybersecurity training once a year or less.
- Tenable, “Seventy-Four Percent of Organizations Attribute Damaging Cyberattacks to Vulnerabilities in Technology Put in Place During the Pandemic, According to Global Industry Study” — More than two-thirds (67%) of cyber attacks affecting businesses in the months leading up to this 2021 study targeted remote workers.
- Egress, “Preventing Email Data Loss in Microsoft 365 Report” — More than two-thirds, or 67%, of information technology (IT) professionals in this 2021 survey reported that a widespread email data breach happened because of security issues related to remote work.
- Statista, Concern Level About Cybersecurity Risks of Remote Work Worldwide 2021-2023 — This 2023 report found that 72% of cybersecurity professionals are very or somewhat concerned about the security risks of working from home.
- IBM, “Cost of a Data Breach Report 2022” — During 2021 and 2022, the cost of addressing a corporate cybersecurity attack was $1 million greater, on average, when that attack was associated with remote work, according to this IBM - report.
Work-From-Home Safety Tips ¶
By following some practices proven to guard against the cybersecurity dangers associated with remote work, people who work from home can help to ensure that their data and systems are safe. Many employers have work-from-home policies that outline parameters for physical and electronic file security. These policies typically cover work-from-home safety tips such as the following:
Use Security Controls ¶
Remote workers should ensure that their physical and digital assets are safe, putting their electronic devices away and locking their offices when they’re not in use. They also should ensure that the router they’re using has a unique password and that they’re regularly updating any protections available for securing that equipment.
Additionally, remote workers should activate the “find my device” mode for their equipment to guard against loss and theft.
Some specific security measures that should be on every remote worker’s work-from-home safety checklist include the following:
When beginning each work session, remote employees should ensure they are using a virtual private network, or VPN. This protection creates an encrypted link between their device and a server that keeps the connection private.
Encryption uses a formula to scramble data as it is transmitted. When encryption is activated, only authorized recipients with a specific key code can unscramble and access the data.
Antivirus Software ¶
Antivirus software protects against and eliminates viruses, which are malicious software that can compromise data and damage systems. By installing antivirus software on their devices, workers can guard against many types of malware.
Screen Lock ¶
Most devices’ screens automatically lock, requiring the user to provide credentials to reopen them. Remote workers should ensure their screen locks are activated to protect against access when they walk away from their devices.
Two-Factor Authentication ¶
Adding a second layer of authentication makes it more difficult for cybercriminals to gain access to sensitive data. When two-factor authentication is activated, even if someone gains unauthorized access to a password, they must also have a one-time code to access the data.
Videoconferencing Settings ¶
Measures for protecting against unauthorized participation in remote meetings include requiring passwords and establishing a virtual waiting room to control access. Videoconferencing settings also may allow for blurring a participant’s background to prevent others from seeing sensitive documents in the workspace.
Webcam Protection ¶
Remote workers can guard against intrusions through webcams by unplugging those that aren’t connected to a device whenever they are not in use. For webcams that are connected to a device, a webcam cover can shield against cyber attacks.
Separate Work and Home Devices ¶
The best way to establish clear boundaries between work use and personal use of digital tools is to have a separate device for each. Using separate devices, when possible, helps guard the worker and their employer in case one of those devices becomes compromised.
Update Devices and Software ¶
Another important item on a work-from-home safety checklist is keeping operating systems and software up to date. Doing so ensures that they are protected by the latest patches and upgrades against known security threats.
Select Strong Passwords ¶
Passwords that are difficult to uncover help prevent unauthorized access to digital equipment or the data stored on it. Passwords that are unique, at least 12 characters, and include a mix of capital and lowercase letters as well as numbers are best.
Saving passwords in a password manager tool can help remote workers remember their passwords while also keeping them secure.
Learn to Identify Phishing Scams ¶
Emails and other messages can contain links that, when selected, install malware on a device. This is known as phishing. Remote workers should learn about phishing scams and avoid clicking on links from unknown sources or those that look suspicious, and they should take advantage of any employer-provided training on the topic.
Back Up Data ¶
Regularly backing up data can protect against a total loss of data, should a breach occur. A separate hard drive can store the backed-up data. Another option is cloud storage on a remote server, which allows other authorized users to access the data as needed regardless of their location.
10 Items for Your Work-From-Home Safety Checklist ¶
Referring to a work-from-home safety checklist can help remote workers stay on track with tips and tools that can safeguard them from cyber attacks. When working from home, employees should ensure that they can answer yes to the following questions:
- Am I adhering to corporate work-from-home policies?
- Are my passwords strong and secure?
- Do I have antivirus software installed?
- Am I using a VPN?
- Have I enabled two-factor authentication?
- Did I adjust my videoconference settings?
- Have I backed up my data recently?
- Do I perform updates promptly?
- Do I use separate devices for work and personal business?
- Could I recognize a potential phishing scam?
Resources for Keeping Your Virtual Workspace Safe ¶
Remote workers seeking additional information about how to create — and maintain — a secure virtual workspace should explore the following resources:
- Krebs on Security — Writer Brian Krebs, whose interest in cybersecurity grew after an attack on his home network, hosts a blog with information on topics like data breaches and digital security technology.
- National Cybersecurity Alliance, “Stay Secure While You Work From Home” — The nonprofit National Cybersecurity Alliance provides a list of tips for employees to follow to boost their data and network protection when they work from home.
- National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) — This division of the U.S. Department of Commerce provides cybersecurity resources such as a searchable database of information, publications library, and glossary of terms.
- U.S. Cybersecurity and Infrastructure Security Agency (CISA), Telework Guidance and Resources — CISA offers tips and materials to guide remote workers in protecting their virtual workspaces, with links to a video about remote work tools and a list of essential security considerations when working from home.
Protect Yourself When You’re Working From Home ¶
Working from home can offer numerous benefits, but it poses dangers to both workers and their employers. By referring to this checklist of work-from-home safety considerations and making sure they’re following best practices for cybersecurity, remote workers can be confident that they are well protected against cyber attack.