10 Cybersecurity Dos and Don’ts for Remote Employees


The global health crisis that paralyzed the entire world last year caused a massive shift to remote working as organizations tried their best to remain operational. Although the COVID-19 restrictions that prevented many employees from working from the office have largely been lifted, remote working is here to stay, at least to some extent.

The problem is that last year’s exodus from the office was so sudden that there was very little time for cybersecurity training—just keeping critical systems running and troubleshooting day-to-day technical issues was challenging enough. As a result, a third of employees picked up bad cybersecurity behaviors while working from home, according to Tessian’s Back to Work Security Behaviors report.

Now that the dust is starting to settle and employees are finally getting used to their new work routines, it’s time to give cybersecurity the priority it deserves and address employees’ bad behaviors before they lead to a costly data breach. Let’s start with the top 10 cybersecurity dos and don’ts all remote employees should follow.

Cybersecurity Dos

1. Use Strong, Unique Passwords

Cybersecurity professionals are tired of repeating the same basic password best practices over and over again, but they have no other option: weak passwords are still responsible for most data breaches.

Here are the most important characteristics all strong passwords share:

  • Complex enough to resist brute-forcing.
  • No real-world information (dates of birth, telephone numbers, etc.) included.
  • Not reused across multiple sites and applications.
  • Stored securely, such as in a password manager.

2. Enable Multi-Factor Authentication

Strong, unique passwords can reliably protect against dictionary attacks and other forms of brute-forcing, but they’re just as vulnerable to social engineering (think phishing and spear-phishing) and third-party data breaches as laughably weak passwords.

The good news is that you can prevent 99.9 percent of attacks on your accounts just by enabling multi-factor authentication (MFA) and requiring remote employees to provide at least one additional piece of evidence besides the good old password. One-time PIN codes work fine, dedicated verification apps are even better, and hardware tokens are the best.

3. Regularly Back Up Important Data

Data loss is unavoidable because storage devices are not completely reliable and because employees, despite their best intentions, make critical mistakes with far-reaching consequences. But data loss doesn’t have to be permanent or even cause lengthy downtime.

When all employees are provided with the means to easily and securely back up work-related data, recovery can take just a short while, and the financial impact of data loss can be minimized or even avoided entirely.

4. Keep Software Updated

Installing software updates can be a hassle. Large updates, such as when a new version of an operating system is released, take a lot of time to install, and they may require one or more restarts to complete, preventing employees from doing their work.

It’s no wonder then that postponing the installation of software updates is a fairly common practice. However, it’s also something that should be avoided unless absolutely necessary. In addition to improvements and bug fixes, software updates include critical security patches that can be the difference between a data breach and smooth sailing.

5. Use Anti-Malware Software

The AV-TEST Institute estimates that approximately 350,000 new malicious programs (malware) and potentially unwanted applications (PUA) are released every day. Fending off such a massive quantity of increasingly sophisticated malware is no easy task, and passive protection can only get you so far.


You should protect all devices used by remote employees (desktop computers, laptops, smartphones, and tablets) with reliable anti-malware software capable of recognizing and neutralizing the latest threats.

Cybersecurity Don’ts

1. Avoid Public Wi-Fi Networks

Public Wi-Fi networks are undeniably convenient, but they’re also extremely dangerous. Cybercriminals like to set up seemingly legitimate hotspots in public places, such as airports, hotel lobbies, and coffee shops, and use them to capture sensitive information from anyone who uses them.

To protect themselves against these so-called man-in-the-middle attacks, remote employees should use their mobile data instead. When that’s not possible, and public Wi-Fi is the only option, they should at least use a virtual private network (VPN) to create an encrypted tunnel for all traffic to go through.

2. Browse and Click with Caution

The web is an invaluable resource, and employees should be encouraged to use it for all work-related purposes. At the same time, they must understand that one is always just a few clicks away from dangerous malware, scammy websites, and other threats when browsing the web.

The same can be said about email. Since nearly 85 percent of all emails are spam, clicking without thinking can have disastrous consequences. Even email messages that look like they are from a trustworthy source may be cleverly disguised phishing attempts, so it’s paramount to always exercise as much caution as possible.

3. Protect Login Credentials

Remote employees rely on an entire collection of cloud software applications to get things done and communicate with their coworkers. Accessing cloud software applications means juggling a whole bunch of usernames and passwords.

To make their lives just a bit easier, employees sometimes write down their passwords on sticky notes and share them in private conversations with coworkers. Practices such as these must be avoided at all costs, which is why it’s a good idea to equip employees with a secure password manager.

4. Don’t Forget About Physical Security

Having strong defenses against digital threats is essential these days, but that doesn’t make physical security any less important. While some remote employees work only from their homes, others enjoy the occasional change of scenery that coffee shops and other public places offer.

The problem is that suburban houses, city apartments, or cozy coffee shops are all less secure than the average office building, and both common thieves and sophisticated cybercriminals know it. The key is to not leave any equipment unattended, and it also helps to invest in better locks and security cameras.

5. Avoid Installing Unauthorized Software

There’s no shortage of useful software to make remote employees more productive. Problems start to happen when employees take matters into their own hands and begin downloading and installing random applications from the internet.

Even reputable applications that have been around for a long time may become temporarily compromised, so it’s best to avoid installing unauthorized software altogether and stick with IT-sanctioned applications.


These basic cybersecurity dos and don’ts can prevent remote employees from being easy targets, and adhering to them is surprisingly easy. We at BCA can help you secure your remote and office-bound workforce alike by providing cost-effective and scalable IT security services in Miami. Schedule a free consultation so that we can address your security gaps as soon as possible. We look forward to hearing from you.