15 work-from-home security tips: Security best practices for remote workers


If you decide to work remote, it’s important to keep cyber safety in mind. That means protecting your devices and data, just like you would in the workplace.

The COVID-19 pandemic changed the work habits of millions of people across the globe. Instead of commuting each day to an office, they worked from their kitchen tables, guest bedrooms, and living room couches, all as a way to help stop the spread of the virus.

As vaccines are rolled out, employers are beginning to call workers back to the office. But many employees are looking for a more flexible work arrangement, traveling to the office on days when collaboration and meetings are taking place and working from home when they’re more focused on solo work.

This hybrid model means that more people will be working from home more often. While this could be a boon to your productivity — no more hours wasted in traffic jams — working remotely comes with cybersecurity risks. The personal devices you use when working from home might not come with the same level of security as you get on employer-issued devices when you are typing reports, creating brochures, and poring over research reports on your employer’s in-office equipment.

If you decide to work remote, then, it’s important to keep cyber safety in mind. That means protecting your personal devices and data, just like you would in the workplace.

1. Keep close contact with your employer

It’s smart to stay on top of company communications. Your inbox might contain emails about policy changes ranging from work hours to travel. If you have questions, ask.

Why it’s important: It’s important to know new policies to help keep you, your coworkers, and the business safe.

2. Use what’s in your company’s tech toolbox

Companies often have tech tools that can help keep devices safer when you work from home. That might mean you do your work on company-supplied laptops and mobile devices. They likely include firewall and antivirus protection, along with security features like VPN and 2-factor authentication.

Why it’s important: Your employer’s cybersecurity tools are designed to protect data and devices. Cybercriminals have an interest in both, whether you’re working in the office or at home.

3. Invest in security software

By installing security software, including  antivirus software, on your personal devices, you'll greatly reduce the likelihood of a virus infecting your machines. The best antivirus software provides regular updates, too, making sure that you are protected against the newest threats.

But trusted security software offers other benefits, as well. For instance, it can help protect your devices against phishing attempts and tech support scams by providing network protection.

Why it's important: It's far easier for viruses and malware to gum up your laptop, desktop, and tablet if these devices aren't protected by antivirus software. Security software helps protect against other threats beyond computer viruses and malware.

4. Boost the security of your home router

If you’re working remotely even one or two days a week, you should strengthen the security of your home router and the Wi-Fi network it controls. This starts with creating a strong password for your Wi-Fi network. Don't simply accept the automatic password that came with your router. If you need to change your Wi-Fi's password, type "" into your browser. In most cases, you can then change the password from that browser. (Keep in mind not all routers can be accessed by this IP address. In those cases, check your manual.)

Once you're on this page, change your Wi-Fi network's SSID, too. That's the name of your wireless network. By changing this name, you'll make it more challenging for hackers and cybercriminals to identify and gain access to your home's Wi-Fi network.

You should also make sure your Wi-Fi network is protected by network encryption. Again, you can do this after you open your Wi-Fi network page on your browser. You can choose from a variety of encryption options, including WEP, WPA and WPA2. This last version is the strongest.

Why it’s important: Your Wi-Fi network is connected to all of your home's phones, tablets, laptops and other connected devices. If hackers access your network, they may be able to gain access to any work devices you’ve connnected to it, too. You don't want an outsider using your Wi-Fi network to connect to the internet. The Federal Trade Commission says that if someones uses your Wi-Fi network to commit a crime or send spam, law enforcement could trace that activity to your account.

5. Keep those Zoom meetings safe

You've undoubtedly become familiar with services such as Zoom, Microsoft Teams, and Google Meet. These online video conferencing programs have become a key way for employees and employers to communicate, collaborate and meet during the pandemic.

If you work from home, even after the pandemic fades, you'll probably still need to use these services. It's important, then, to boost the security of any video conferencing software you use.

First, when you download one of these services, only download it from the provider itself to avoid accidentally installing malware on your computer.

Set up a unique meeting ID for every conference you schedule. Don't simply rely on the same ID for all of your meetings. This could make it easier for hackers to video-bomb your meetings or record them and any important company information you discuss during them.

Set up a waiting room area for your video conferences. This way, you can see who wants to join your meeting. You can then screen participants before letting them into your conference. This is another good way to prevent uninvited video-bombers from disrupting your meetings.

Provide passwords for your video conferences. This is another step you can take to help prevent unwanted attendees from crashing your meetings.

Finally, make sure there is only one host for your meeting and make sure this host is the only person who can control screen-sharing, video options, mute options, and letting guests into the meeting.

Why it's important: Hackers have learned that crashing Zoom, Google Meet, and Microsoft Teams meeting is a good way to spy on people, record people without their knowledge or disrupt company meetings. The more hurdles you can add to prevent these people from breaking into your meetings, the better.

6. Control the impulse to improvise

Employees often work in teams, and that can mean using collaboration tools like instant-messaging platforms and video-meeting rooms. If a tool isn’t working right, you might be tempted to download a substitute. Don’t do it. You could inadvertently introduce a software program with a security flaw — and that means someone unauthorized may be able to access company data, or any personal data you have on that device.

Why it’s important: Your employer likely has vetted its collaboration tools and makes sure they’re secure. You can’t be sure a quick-fix tool you’ve downloaded has the same protections.

7. Stay current on software updates and patches

You might get reminders that software updates are available for your computer, laptop, tablet, or mobile device. Don’t wait. Update. Also, keep in mind you can configure your devices to update automatically.

Why it’s important: Updates help patch security flaws and help protect your data. Updates can also add new features to your devices and remove outdated ones.

8. Keep your VPN turned on

A VPN — short for virtual private network — can help protect the data you send and receive while you work from home. A VPN can provide a secure link between employees and businesses by encrypting data.

Why it’s important: VPNs help protect against cybercriminals and snoops from seeing what you do online during a workday. That might include sending or receiving financial information, strategy documents, and customer data. A VPN helps keep that information secure from cybercriminals and competitors.

9. Turn on two-factor authentication

Enabling two-factor authentication for important websites is another key security move when you're working more often from home.

2FA, for short, is an extra step added to the log-in process. Often ,that extra step is a single-use code sent to your phone that helps verify your identity and prevent cybercriminals from accessing your private information. Even if cybercriminals know your username and password credentials, they couldn’t easily access your account without knowing the code sent to your phone.

For example, you might enable this on your online bank account. When you log onto your bank's site, you'll first enter your username and password as usual. But your bank will then send a code to your smartphone. You'll have to enter this code before you gain access to your online account.

You can do the same with your company’s online employee portal. When you log onto your work accounts, you can request that your company's website send a code to your phone before you can access your accounts.

Why it's important: Two-factor authentication makes it much harder for criminals to break into your key accounts. It's easier for these hackers to access your accounts if they just need a password and username. That final piece of the puzzle — the code sent to another device — is an additional hurdle that can keep snoops away from your accounts.

The same holds true for your work accounts. Enabling two-factor authentication can boost the odds that hackers won't be able to access your most sensitive work information.

10. Beware of phishing emails

Cybercriminals sometimes send fake emails with dangerous links to employees. Here’s how it works. The email messages may appear to come from company officials and might ask you to open a link to a new company policy. If you click on the attachment or embedded link, you’re likely to download malware onto your device. Don’t click. Instead, immediately report the phishing attempt to your employer.

Why it’s important: A phishing email containing malicious software could allow cybercriminals to take control of your computer, log your keystrokes, or access sensitive business information and financial data.

11. Develop a new routine

Working from home requires changing your routine. Making sure you’re cyber secure is part of that. But it also involves structuring your day to work efficiently and maintaining contact with your team. If you’re used to starting the day by greeting your coworkers, you might consider continuing to do that by email or on a chat platform.

Why it’s important: It’s easy to lose focus or feel isolated when working from home. Take steps to avoid letting that happen. Reach out and stay engaged with your colleagues. The coronavirus may have changed your work life, but you still have a job to do.

12. Purchase a webcam cover and consider security software

Zoom calls and video conferencing remain a big part of working from home. That’s why investing in a webcam cover — and these handy devices aren’t expensive — is such a smart move. Smart cybercriminals can hijack your webcam, spying on you as you work. But they won’t see anything if you block your laptop’s camera with a webcam cover.

The security software you choose for your personal devices, or your company’s security suite, may also be able to alert you to attempts to access your webcam and block anyone who isn’t authorized to access it.

Why it’s important: Hackers don’t value your privacy, and they can learn a lot of information by spying on you through your webcam. They can even record what they see. A webcam cover is a simple and inexpensive way to protect yourself. Some security software can alert you to potential intruders and block access.

13. Be careful of public Wi-Fi

Working from home all day can be tedious. You might, then, want a change of scenery. Working from your local coffee shop or public library can provide it. Just be careful when using the free public Wi-Fi offered by these alternatives. 

Public Wi-Fi is notoriously unsecure. Hackers can connect to that same network and may be able to spy on your online activity when you’re relying on public Wi-Fi.

Why it’s important: Cybercriminals can spy on you when you log onto your online credit card portals or bank accounts. They can also snoop on your company emails and correspondence. That’s why security experts recommend that you never visit sensitive sites, or type in the passwords to these sites, while using public Wi-Fi. Instead, use public Wi-Fi for more mundane tasks such as basic research or reading the news. 

14. Back-up your work information

Make sure you back up all of your important work reports, data, files, and research. You don’t want a malware attack on your home laptop to wipe away that report you’ve been working on for months.

A smart move is to save back-ups of your work to one of the many companies that provide cloud storage. Your employer might even provide you with a companywide cloud back-up site provided by tech companies such as Dropbox, Idrive, or Backblaze.*

Why it’s important: A single malware attack could scuttle months of work if you don’t back up your important work documents, files and reports. Fortunately, backing up is easy today with cloud-based services.

15. Lock your devices

If you do get bored of working from your living room or guestroom, and you do take to public spaces to work, make sure to password protect your laptop, smartphone, and other devices.

This provides an additional layer of security. If you mistakenly leave your device unattended in your public library, nearby coffee shop, or favorite restaurant, it will be more challenging for those who find it to access the files, email messages, images, and work contained on it.

When you password-protect a device, you'll need to enter a numeric code or password to unlock it. You can also set up your devices so that you have to swipe a pattern, provide your fingerprint, or point your face at it to open it up.

Why it's important: It's easy to misplace your devices when you're working in a public place. If you lock them with passwords, codes, or patterns, you'll reduce the odds that someone else will be able to access the personal and work information stored on them.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.

Dan Rafter
  • Dan Rafter
  • Freelance writer
Dan Rafter is a freelance writer who covers tech, finance, and real estate. His work has appeared in the Washington Post, Chicago Tribune, and Fox Business.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.