Cyber Security for Employees Working from Home

While working from home this spring has been necessary for many public entity employees, cyber-attacks are on the rise for these at-home workstations. Cybersecurity ratings company BitSight recently published a report that found that home office networks are far more likely to be infected with malware than corporate networks.

The report, entitled “Identifying Unique Risks of Work from Home Remote Office Networks,” reviewed more than 41,000 organizations and their “work from home-remote office networks”, and found that 45 percent of organizations had malware on their corporate-associated home networks. By comparison, only 13.3 percent of organizations had malware on their corporate networks.

These numbers from the BitSight report are eye opening when we talk about the cyber risks our employees are facing at home. Let’s look at why these cyber threats exists and how we can mitigate this exposure for our organizations and employees.

While working from home, some employees may be using older or unprotected devices that do not provide the same level of cybersecurity as workplace devices do. Cyber-attacks on devices at home may be harder to spot without the software and human cybersecurity monitoring presence we have in the office.

There are ways organizations can increase cybersecurity for home-based employees:

  • Provide up-to-date devices
  • Increase device protections
  • Increase network protections
  • Train employees

Unfortunately, implementing these practices can be more complicated when employees are working from home.  If possible, provide employees work-issued computers with the highest cybersecurity protections in place and require them to only use these computers for work specific tasks.  Many businesses find that the cost of computer equipment is low enough, particularly when compared to the cost associated with a cyber-attack, that this is a worthwhile expenditure.

If employees must use personal computers and devices, require them to keep their devices patched and provide them with security software to install on all devices. Another requirement should be that employees update and change their computer login password regularly. Employers should also consider setting up a virtual private network (VPN) and have employees log into it from their own computers. A VPN is a secure way for employees to access the internet and keep your information safe.

Home networks must also be as secure as possible. Employers should require that any Wi-Fi network used for company business is protected by a strong password. An even safer bet would be to use an ethernet cable and bypass the Wi-Fi altogether.

Training employees on all of the above practices is essential. Do not assume that your workers know how to create a secure home office network. Provide clear instruction and regular reminders.

Finally, require employees that are working from home to participate in cybersecurity training. APEI has cybersecurity training available through our online training providers TargetSolutions and SafeSchools for both our municipal and school members. These training courses cover phishing emails, password security, protection against malware and many other important topics that our employees may be exposed to while working from home. We are also able to recommend other training that members may choose to purchase and can be at least partially paid for with APEI’s safety grant.

For more information on APEI’s online training providers or other training opportunities, contact Cole Cummins at 907-523-9470 or