Roughly one-half to two-thirds of U.S. employees work remotely at least some of the time. This trend, spurred in large part by the COVID-19 pandemic, hasn't gone unnoticed by cybercrooks. As such, it's more important than ever to shore up the technology practices of at-home workers.
To help employers and employees protect at-home networks from cyber disasters, the National Security Agency (NSA) recently released a collection of best practices for securing home networks. What follows are some of the agency's recommendations, along with advice from cybersecurity specialists.
1. Regularly train workers about at-home cybersecurity.
Cybersecurity expert Burton Kelso, owner of a tech support company in Kansas City, Mo., recommended constantly training at-home workers about cybersecurity.
"Cybercrime is a human problem. If there are going to be breaches to your network, it will be caused by your workforce, in-house and remote," Kelso said. "You can have the best cyber defense in the world, but all it takes is one click from someone from your organization to bring things to a halt."
Steve Petryschuk, director and technology evangelist at network management software provider Auvik Networks in Ontario, Canada, said educating at-home workers about best practices in cybersecurity should be at the top of every organization's list of priorities for remote employees.
"There are several items that, while quite simple, can have a significant positive impact on the security of remote work," Petryschuk said, "such as educating users to lock laptops when not in use and being aware of your environment when viewing confidential information or speaking about confidential items on a call."
2. Install security software.
The NSA recommends equipping electronic devices used by remote workers with security software that combats viruses, malware, phishing attempts and other potential threats.
3. Use an up-to-date router.
Most remote workers use routers that jeopardize network safety, Kelso said. Any router being used by an at-home worker should be less than five years old. Otherwise, work-related data could be at risk.
The NSA further suggests that a router connected to the network of an at-home worker be a personal device, rather than a device supplied by an internet service provider. This gives an employee more control over their at-home network.
"Your router is the gateway into your home network. Without proper security and patching, it is more likely to be compromised, which can lead to the compromise of other devices on the network as well," the NSA warned.
4. Connect to a VPN.
A virtual private network (VPN) enables a remote worker to safely access a company network by masking IP addresses and other information being transmitted from computers, Kelso explained.
"This provides an added layer of security while allowing you to take advantage of services normally offered to onsite users," said the NSA.
5. Keep kids away from work devices.
A remote worker's children might be tempted to play games on the employee's computer or other work devices. That's a recipe for trouble, according to Kelso, as "kids don't care about cyber protection and can invite malware and ransomware into your devices."
As such, kids shouldn't use work devices belonging to their parents, experts said.
6. Be careful around smart devices.
Smart devices, such as Amazon's Alexa and Google Nest are constantly eavesdropping and may pick up company secrets, Kelso pointed out. This can happen even when you aren't actively engaging with a device, according to the NSA. To safeguard those secrets, put these devices in a room where you aren't discussing business or turn them off altogether.
7. Enable encryption.
Google refers to encryption as "one of the fundamental building blocks of cybersecurity." It works by jumbling data into a secret code that can be unlocked only with a unique digital key.
All company devices should feature encryption capabilities, Kelso said.
"Encryption scrambles the information on your devices to keep the bad guys out. Data is king, and criminals want all of that information you have," he said.
8. Create strong passwords.
You've almost certainly heard tech specialists preach about the importance of setting up strong passwords, but it bears repeating.
Kurt Sanger, a cybersecurity expert at Batten, an online marketplace for cybersecurity and home security headquartered in Seattle, said passwords should be unique and difficult to guess. So, if your name is Sam Lucas and you were born in 1983, your password should not be samlucas1983.
Muhlenburg and Lafayette colleges suggest that a password:
- Be at least 12 characters.
- Be a mixture of uppercase and lowercase letters.
- Be a mixture of letters and numbers.
- Include at least one special character (such as @).
"Sometimes, hacking can be as simple as someone guessing your password," Sanger said. "That's why experts recommend using unique, varied passwords that have many different characters."
John Egan is a freelance writer based in Austin, Texas.