The university of tulsa Online Blog

The number of workers based primarily in their homes tripled between 2019 and 2021, although that figure has fallen somewhat since then. The biggest change? The emergence of hybrid work, in which employees work partially at home and partially in the office. According to Robert Half, nearly 90% of companies offer some hybrid work options in 2026, with 25% extending that option to all employees. The message seems clear: Remote work, at least in some form, is here to stay.

The opportunity to work remotely offers many benefits to workers and employers, but it also presents security risks that range from network vulnerabilities to phishing attacks. The data breaches that result from those vulnerabilities are often costly. 

To protect themselves from these security risks, employees should adhere to a work-from-home safety checklist. From encryption to updates and password protection to two-factor authentication, following common work-from-home safety tips can help ensure remote workers keep their data and networks secure.

Why Is Work-From-Home Safety Important?

Whether they’re working in a corporate office or a corner of their living room, many of today’s employees rely on virtual workspaces to do their jobs. In these workspaces, people connect to others digitally, relying on technology to communicate and share data and other materials.

In corporate offices, workspaces generally have the support of centralized cybersecurity protocols that guard against unauthorized access to this data. Corporate cybersecurity protects networks, applications, and devices.

But businesses cannot control every facet of an employee’s work area at home. Without interventions from the worker and their employer that protect them, the employee’s digital equipment — and the data it transmits — could be vulnerable to unauthorized access.

Remote Work Cyber Threats

When an employee performs their tasks in a virtual workspace at a remote location, they may use an unsecured network or fail to take precautions that could prevent a cyber attack. Whether they lack awareness of best practices for digital security or fall prey to human error, workers can face the following cybersecurity risks associated with working from home:

• Unprotected Wi-Fi networks — Connecting to corporate systems through unsecured Wi-Fi networks, including public networks, that are not protected against data breaches

• Weak passwords — Choosing passwords that are obvious, placing entire networks at risk of unauthorized access

• Unsecured personal devices — Conducting business using a personal device, such as a laptop or smartphone, that does not have cybersecurity protections 

• Phishing attacks — Unwittingly clicking on a link that installs malicious software, or malware, on the device being used, allowing a cybercriminal to steal data or damage the device or its system

• Computer viruses — Relying on technology and behaviors that leave devices prone to viruses, including malware that can replicate and spread to other devices

• Unencrypted file transmission — Sharing confidential information in files that are not encrypted to protect sensitive data

Work-From-Home Dangers: Key Statistics

Work-from-home cybersecurity risks are pervasive, and they can be costly. The following are resources that illustrate the importance of protecting against these risks:

• Hypori, “Virtual Mobile Infrastructure (VMI) Report: Trends in Secure Mobile Access & BYOD” — This 2025 report notes that in the prior year, nearly half of organizations experienced breaches because of unsecured or unmanaged personal devices.

• Securonix, “2024 Insider Threat Report” — Security analytics firm Securonix found that insider attacks increased 10 percentage points — from 66% to 76% — between 2019 and 2024. Hybrid work was a particular concern, with 70% of respondents worried about managing insider threats in distributed, hard-to-control home environments. 

• Ponemon Institute, “Cost of Insider Risks” — The cost of insider negligence rose 17% year over year, reaching $10.3 million in 2025. Contributing factors included employees using unauthorized software and tools at home and office-based security training that doesn’t translate well to remote settings.

• Lookout, “Lookout Survey Highlights Mobile Phishing Risk to Employees Working Remotely Ahead of Labor Day Weekend” — A 2023 report from cloud security company Lookout found that 13% of remote workers have fallen victim to a phishing attack.

• Statista, Concern Level About Cybersecurity Risks of Remote Work Worldwide 2021-2023 — This 2023 report found that 72% of cybersecurity professionals are very or somewhat concerned about the security risks of working from home.

Work-From-Home Safety Tips

By following a few simple practices proven to protect against the cybersecurity dangers associated with remote work, people who work from home can help to ensure that their data and systems are safe. Many employers have work-from-home policies that outline parameters for physical and electronic file security. These policies typically cover work-from-home safety tips, such as:

Use Security Tools and Controls

Remote workers should ensure that their physical and digital assets are safe, putting their electronic devices away and locking their offices when they’re not in use. They also should ensure that the router they’re using has a unique password and that they’re regularly updating any protections available for securing that equipment.

Additionally, remote workers should activate the “Find My Device” mode for their equipment to guard against loss and theft. 

Some specific security measures that should be on every remote worker’s work-from-home safety checklist include the following:

VPNs: When beginning each work session, remote employees should ensure they are using a virtual private network, or VPN. This protection creates an encrypted link between their device and a server that keeps the connection private.

Encryption: Encryption uses a formula to scramble data as it is transmitted. When encryption is activated, only authorized recipients with a specific key code can unscramble and access the data.

Antivirus Software: Antivirus software protects against and eliminates viruses, which are malicious software that can compromise data and damage systems. By installing antivirus software on their devices, workers can guard against many types of malware.

Screen Lock: Most devices’ screens automatically lock, requiring the user to provide credentials to reopen them. Remote workers should ensure their screens are locked to protect against access when they walk away from their devices.

Two-Factor Authentication: Adding a second layer of authentication makes it more difficult for cybercriminals to gain access to sensitive data. When two-factor authentication is activated, even if someone gains unauthorized access to a password, they must also have a one-time code to access the data.

Videoconferencing Settings: Measures for protecting against unauthorized participation in remote meetings include requiring passwords and establishing a virtual waiting room to control access. Videoconferencing settings also may allow for blurring a participant’s background to prevent others from seeing sensitive documents in the workspace.

Webcam Protection: Remote workers can guard against intrusions through webcams by unplugging those that aren’t connected to a device whenever they are not in use. For webcams that are connected to a device, a webcam cover can shield against cyber attacks.

Separate Work and Home Devices

The best way to establish clear boundaries between work use and personal use of digital tools is to have a separate device for each. Using separate devices, when possible, helps guard the worker and their employer in case one of those devices becomes compromised.

Update Devices and Software

Another important item on a work-from-home safety checklist is keeping operating systems and software up to date. Doing so ensures that they are protected by the latest patches and upgrades against known security threats.

Select Strong Passwords

Passwords that are difficult to uncover help prevent unauthorized access to digital equipment or the data stored on it. Passwords that are unique, at least 12 characters, and include a mix of capital and lowercase letters as well as numbers are best. 

Saving passwords in a password manager tool can help remote workers remember their passwords while also keeping them secure.

Adopt a Zero Trust Mindset

Zero Trust is commonly cited as one of the safest models to adopt for at-home work safety. At its core, the principle is simple: No one should ever be given access to your devices or data without first verifying their identity.

This matters because cybercriminals can be very convincing. A bad actor may appear entirely legitimate, using a familiar-looking email address or other borrowed credentials and making it easy for remote employees to unknowingly let them in. Always verify someone’s identity before granting them access to your system.

It’s also important to know that one-time authentication is not sufficient. It’s possible for a bad actor to mimic another person or an online account, so it’s essential to verify that the person is who they say they are before granting access.

Learn to Identify Phishing Scams

Emails and other messages can contain links that, when selected, install malware on a device. This is known as phishing. Remote workers should learn about phishing scams and avoid clicking on links from unknown sources or those that look suspicious, and they should take advantage of any employer-provided training on the topic.

Back Up Data

Regularly backing up files can protect against a total loss of data, should a breach occur. A separate hard drive can store the backed-up data. Another option is cloud storage on a remote server, which allows other authorized users to access the data as needed, regardless of their location.

Employer vs Employee Responsibilities

Cybersecurity is a shared responsibility between employers and employees. Employers, in particular, have legal obligations to comply with local labor laws and federal or international data protection regulations. These responsibilities include:

• Safeguarding sensitive information belonging to both customers and employees

• Remaining compliant with any local, federal, and international laws governing worker safety

• Updating company policies to mitigate risks, such as requiring two-factor authentication on all work devices

Some organizations go further — for example, requiring employees to work exclusively on company-provided devices that come pre-loaded with security safeguards.

Employees, on the other hand, are expected to follow all cybersecurity policies dictated by their employer. That said, it may be worth going beyond these policies when it comes to personal cyber safety. A company may not require the use of a password manager, for instance, but adopting one can help employees protect both personal and professional accounts.

Work-From-Home Safety: Step-by-Step Checklist

Referring to a work-from-home safety checklist can help remote workers stay on track with tips and tools that can safeguard them from cyber attacks. When working from home, employees should ensure that they can answer yes to the following questions:

• Am I adhering to corporate work-from-home policies?

• Are my passwords strong and secure?

• Do I have antivirus software installed?

• Am I using a VPN?

• Have I enabled two-factor authentication?

• Did I adjust my videoconference settings?

• Have I backed up my data recently?

• Do I perform updates promptly?

• Do I use separate devices for work and personal business?

• Could I recognize a potential phishing scam?

Resources for Keeping Your Virtual Workspace Safe

Remote workers seeking additional information about how to create — and maintain — a secure virtual workspace should explore the following resources:

• Krebs on Security — Writer Brian Krebs, whose interest in cybersecurity grew after an attack on his home network, hosts a blog with information on topics like data breaches and digital security technology.

• National Cybersecurity Alliance, “Stay Secure While You Work From Home” — The nonprofit National Cybersecurity Alliance provides a list of tips for employees to follow to boost their data and network protection when they work from home.

• National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) — This division of the U.S. Department of Commerce provides cybersecurity resources such as a searchable database of information, publications library, and glossary of terms.

• U.S. Cybersecurity and Infrastructure Security Agency (CISA), Telework Guidance and Resources — CISA offers tips and materials to guide remote workers in protecting their virtual workspaces, with links to a video about remote work tools and a list of essential security considerations when working from home. 

Protect Yourself When You’re Working from Home

Working from home can offer numerous benefits, but it poses dangers to both workers and their employers. By referring to this checklist of work-from-home safety considerations and making sure they’re following best practices for cybersecurity, remote workers can be confident that they are well protected against cyber attack.

Recommended Readings

C-Suite and Cybersecurity Professionals: How They Collaborate

Cybersecurity Law: What Professionals Should Know  

Visualizing the ROI of a Cybersecurity Degree