Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Telework Security Basics

Front view picture of studio workplace with blank notebook, laptop. Designer comfortable work table, home office.
Credit: Shutterstock

Your employer has unexpectedly directed you to telework—and you are feeling overwhelmed. With many changes happening at once, telework security could be an afterthought or completely overlooked. This could put you and your organization at increased risk from attackers, who are always looking for opportunities to take advantage of disruption generally and weak security practices specifically. But it’s more than your organization at risk—if your telework device is compromised, anything else connected to your home network could be at risk too.

Don’t panic.  There are some simple things you can do to improve your security. The tips that follow apply to almost all situations, and they’re relevant whether you’re using your organizations’ laptop or smartphone, or your own personal desktop or tablet.

Basic tips to improve your telework security:

Click for printable version.
Click for printable version.
  1. Find out if your organization has rules or policies for telework, and if so, make sure you read them and comply with them. For example, it may be OK for you to use your own computer for reading company email but not for accessing sensitive customer data.
  2. Protect your computer communications from eavesdropping. If you use Wi-Fi (wireless networking) at home, make sure your network is set up securely. Specifically, look to see if it is using “WPA2” or “WPA3” security, and make sure your password is hard to guess. If you’re unsure how to do this, you might be able to find a how-to video or checklist online by doing a search for your Wi-Fi router brand and model.  
  3. If your organization has a VPN (virtual private network), use that on your telework device for stronger protection (your organization’s telework rules or policies will likely tell you if you do). If not, consider using your own VPN—you can find numerous providers online.
  4. If you’re using your own computer or mobile device (something not issued by your organization) for telework, make sure you’ve enabled basic security features. Simply enabling the PIN, fingerprint, or facial ID feature will prevent people from getting on your device should you walk away from it. Any PIN or password you use should be hard to guess.
  5. Keep your computers and mobile devices patched and updated. Most provide an option to check and install updates automatically. Enabling that option can be a good idea if you don’t want to check for updates periodically.
  6. If you’re seeing unusual or suspicious activity on any device you’re using to telework (computer, mobile device, or home network) ask for help—better safe than sorry. Contact your organization’s help desk or security operations center to report the activity.

Be on the lookout for social engineering attempts such as phishing emails or phone scams related to telework. Social engineering is when someone tries to trick you into doing something or giving away personal information. Scammers and criminals use every major event to come up with new schemes, and with you and others suddenly teleworking, attackers will try to take advantage of this changing environment. If you get emails from unknown accounts with strange file attachments, if people call claiming to be technical staff asking for your passwords or telling you to go to a website to ‘scan’ your computer, if you get unusual web meeting requests—don’t hesitate to ask questions and verify things by phone or other means before proceeding.

Attackers are always looking for opportunities to take advantage of weak security practices. If you overlook your security obligations when teleworking, you could put yourself and your organization at increased risk. But it’s more than your organization at risk — if your telework device is compromised, anything else connected to your home network could be at risk, too. Here are some simple things you can do to improve your security. For more information on these tips, go to: https://www.nist.gov/blogs/cybersecurity-insights/telework-security-basics

For more information on telework security, see:

About the author

Jeff Greene

Jeff Greene, former vice president of global government affairs and policy at Symantec, began a new role as director of the National Cybersecurity Center of Excellence (NCCoE) at the National...

Comments

Great technical insights very useful for this moments that we are living in.

Add new comment

  • This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
    Enter the characters shown in the image.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Posts that violate our comment policy will not be posted.