Community Manager

Nine Work-from-Home Key Security Practices

We have been watching the news, reading your helpful posts here on the community and even working remotely ourselves. 


Based on what we've read and experienced, we have put together some guidance on the remote workforce situation (when possible, we realize not all employees have the ability to work remotely). 


Join the discussion. What did we get right? What did we miss? 



Nine Work-from-Home Key Security Practices


The coronavirus (COVID-19) outbreak is forcing a lot of people who have never had to work from home to do just that. While telecommuting is a growing practice, many organizations simply weren’t prepared to set up employees to work from home. This is creating a significant number of challenges, including how to protect newly-minted telecommuters from cybersecurity threats.


The substantial increase in telecommuters is forcing cybersecurity teams to hold off on day-to-day tasks in order to help employees secure their new working environments. These teams, all of a sudden, are under pressure to address new risk profiles their organizations never anticipated.


Some of the issues they are facing, such as companies lacking enough laptops and VPN licenses, may not have an immediate solution. But these challenges are also lessons that organizations can apply to business continuity plans when they revise them for the future.


In the meantime, cybersecurity professionals can guide work-from-home employees through some basic measures to lower their exposure to cyber risks:


  1. Authentication policies – Review authentication policies with employees working from home, reminding them of the importance of using strong passwords and, if available, two-factor authentication to prevent unauthorized access to sensitive business data.

  2. Device separation – Remind workers to keep their work and personal devices separate, unless a BYOD (bring your own device) policy is in place. Only employer-issued devices with proper security should be used for work-related tasks.

  3. Private workspaces – Users who’ve never worked from home may need some guidance setting up their work areas. Advise them to find a private room or nook, away from other family members and distractions if possible, and make sure no one else in their household uses these work-issued devices. Remind them to lock their laptops and mobile devices when away from them.

  4. VPN access – Many companies have secure VPN connections to sensitive business data and applications. If VPN connections aren’t available for some workers, take the necessary steps to block access to at-risk assets as a measure to prevent security breaches.

  5. Data backup – Backing up data is not only a sound business continuity practice but also a security measure. It can be the saving grace in the event of a ransomware attack, for instance. Make sure work-from-home employees have access to data backup. If necessary, add capacity by leveraging one or more of the many available cloud-based data backup services.

  6. WiFi security – Employees unaccustomed to working from home may not realize their WiFi should be password-protected. Instruct them to secure their wireless networks and to change passwords from those issued by device manufacturers.

  7. Email encryption – A lot of business is conducted via email. Implementing email encryption when so many people are working from home is a sound business practice. Instruct workers on how to use encryption.

  8. Software updates – It’s easier to manage software updates and security patches in the office, but it still must be done in work-from-home scenarios. If you do not have automated updating and patching, be sure to remind users to keep all systems up to date.

  9. Ongoing reminders – Inform staff about the latest security threats and send them periodic reminders about safe computing practices, such as how to avoid phishing emails.


These basic practices can go a long way to help secure home environments. If you have other tips and practices you can share with your cybersecurity peers, visit our community.






ISC2 Community Manager
5 Replies
Community Champion

@AndreaMoore this is rock solid advice! Everyone is playing catch-up with enabling VPN access for remote workers and setting up mandatory multi-factor authentication. I can't reemphasize enough your points on WiFi security and data protection; they are spot on. Hackers are just waiting for systems to collapse and then strike and infiltrate networks. Be safe and secure, my cyber friends! Now, back to my WFH nook...


Defender I

Another good guide to the situation:

SANS has opened up their SANS Security Awareness Work-from-Home Deployment Kit, "Everything you need to know to create secure work-from-home environments during the COVID-19 pandemic and beyond, which offers a wide variety of SANS public resources and paid training materials at no cost," as highlighted in a recent SANS NewsBites.




D. Cragin Shelton, DSc
My Blog
My LinkedIn Profile
My Community Posts
Community Manager

I wanted to alert everyone to an upcoming webinar on this topic. 


Free Webinar, April 16, at 1:00 pm ET. Earn 1 CPE.


Office Shutdown: Securing an Increased Remote Workforce


ISC2 Community Manager
Community Manager

Here's another webinar we are hosting on the topic of security and a remote workforce: 


Minimizing Security Impacts of a Growing Remote Workforce

April 28, 13:00 BST



Many organisations are implementing remote working policies and need to quickly support an unprecedented increase in the number of remote employees. However, an expanding remote workforce can significantly increase the attack surface and has changed the threat model of organisations overnight. Many remote access options are quick to implement but are not secure and organisations are trying to navigate the challenges of quickly, but securely, operationalising their remote employees.


On April 28, 2020 at 13:00 BST, BeyondTrust and (ISC)² will explore the risks unsecure remote access presents and discuss how the secure remote access and endpoint privilege management pillars of a PAM solution can securely and efficiently connect remote employees to corporate resources.





ISC2 Community Manager
Newcomer III

I'd also advocate for user education at the moment.


Many users invariably avoid change most of the time.


Sound familiar? "... but we've always done it this way!".

Change has now become a way of life... ergo a little user education goes a long way.


With what is going on in the world at the moment, arguably it will go even further right now!