How to work from home safely: Cybersecurity tips, liability and more

The 2020 COVID pandemic changed how many people worked, and while some businesses have encouraged a return to office, around 22% of Americans (around 32 million people) still work primarily from home.^[1]

Of course working from home provides a great deal of convienence for many workers, but it can also introduce some added complexities when it comes to security. This is particularly true for industries where people are exchanging confidendial information or dealing with customers' private data. 

Below, we walk through how to work from home safely by eliminating potential malware and data breach risks from cybercriminals. We also discuss the importance of an up-to-date home insurance policy in case an accident or theft occurs. You can also jump to our infographic to learn how to stay secure working from home.

The shift to remote work during COVID-19

In 2025, five years after the pandemic drove remote work to extreme numbers, almost a quarter of the country is able to work remotely. About 22% of the workforce will work remotely in 2025. 

However, over that time, many offices have made moves to bring people back in person. At the end of 2024, big employers like Amazon, Dell and the Washington Post made headlines with return-to-office mandates.^[2]

And shortly after taking office in January 2025, President Donald Trump issued a mandate for all federal workers to begin working in offices.^[3]

10 ways to prevent cybersecurity risks while working from home

Remote work offers advantages in flexability for workers, but it’s also revealed a slew of security risks as people dial in on insecure networks or personal devices. This is because 95% of cybersecurity breaches are due to human error and a lack of risk management.

Whether you’re working from home temporarily or are a permanent telecommuter, prevent a stranger from popping up in your next meeting — or worse, stealing sensitive company information — with these cybersecurity best practices and prevent cybercrime from happening to you.

1. Only use company-issued devices

Rather than outfitting your home computer with work programs or checking your email on your personal phone, use only company-provided technology during remote work if possible. While different employers have their own unique set of rules for cybersecurity, company devices are almost always better outfitted to combat security threats with the most up-to-date antivirus protection.

Using company-issued devices also prevents family members or houseguests from logging onto your computer and accessing sensitive information. Often, company security liability insurance only covers breaches if the incident happened on a work device.

2. Use a VPN to reduce hacking risks

If your company provides a virtual private network (VPN), make sure you sign in through this every time you log on. Otherwise, you may be on the hook for any cyberattacks that occur.

A VPN uses a private server for your device’s internet connection, which in turn keeps you secure and anonymous. A hacker who intercepts VPN data won’t be able to read it. Do your part to keep your company VPN safe by updating it regularly with a secure password.

3. Work within company approved software and tools

Your employer and their information security team designate particular software use for a reason. These platforms are usually vetted for security concerns to minimize cybersecurity threats and can be outfitted with additional security measures such as firewalls.

Even if your Slack goes down, don’t download another chat software to continue the conversation with a coworker. Using unapproved software and tools puts you at risk for cyberattacks and phishing schemes.

4. Keep software updated

New software popups are another annoying update many of us field frequently. Yet, like password protection, software updates help protect our machine from bad actors. This is because most software updates include the latest security measures and virus prevention to protect sensitive data.

Backup any important files on a cloud or external hard drive before doing the software update in case of any technical issues.

5. Avoid public Wi-Fi

There’s no way to know if hackers are on a public Wi-Fi network or which security protocols are in place to protect you and your data from them. It’s best to avoid public Wi-Fi or public IP addresses altogether when working with sensitive company information.

Instead, use a mobile hotspot to access the Internet on the go. Your employer may be willing to pay for a mobile hotspot on your company-issued mobile device if it isn't already equipped with one.

6. Don’t open suspicious emails

Do you know the signs of an email phishing attack? Scammers send emails claiming to be a coworker, or even worse, your boss, in an attempt to gain sensitive information or launch a ransomware attack.

At least $57 million is lost annually to these attacks.^[4] Know how to spot a phishing email so you don’t get tricked. If an email sender asks you to confirm personal information, click on a link to make a payment, or offers a coupon for free stuff, it may be a phishing scam. Would your boss really email you and ask you for your credit card information?

7. Change your password regularly

It can be a headache to keep track of multiple, ever-changing passwords, but changing your password is one of the best ways to stay secure online. At the very minimum, you should change them every 90 days, but your company may request that you do this more frequently.

You should never share your passwords or store them somewhere that is easily accessible. Consider a password manager to store all of your logins so you aren’t jotting them down on paper that could fall into the wrong hands. Rather than adding another number or exclamation points onto your existing password, add more complex changes in lettering and numbering to make the code harder to crack.

8. Set up boundaries for virtual meetings

Hosting a meeting or video conference? Don’t be afraid to establish remote boundaries with attendees. If you’re talking about anything sensitive, let your colleagues know beforehand and encourage them to take the meeting out of earshot of roommates or family members.

Also, take advantage of meeting software security features such as requiring a meeting passcodes, preventing non-hosts from sharing their screens, and disabling file transfers and auto-saved chats.

9. Be cautious when you share your screen

If you plan to share your screen during a meeting, remember that one wrong click can become a security concern. Don’t let the wrong set of eyes fall on company information or personal data. Close all tabs and software that aren’t relevant to your meeting beforehand.

Your company will value your commitment to your virtual security defenses, and you may spare yourself embarrassment, too.

10. Practice good digital hygiene

Practicing digital hygiene will keep your digital footprint squeaky clean. This isn’t a one-time item to check off your to-do list, but rather a recurring ritual.

Here are good digital hygiene habits that help keep hackers at bay:

• Keep your inbox organized
• Unsubscribe from unnecessary emails
• Turn on multi-factor authentication
• Delete unused apps and software
• Take advantage of cybersecurity awareness training

Home office liability

While logging in to work from your couch may seem like the safest way to work, security situations do arise — even from the comfort of home, as well as for small businesses. As an employee, here’s what you need to know about your home office and liability.

1. If you signed a telecommuting policy, familiarize yourself with it and follow all the guidelines to ensure you’re financially protected in the event of an emergency.
2. The Occupational Safety and Health Administration (OSHA) in the United States grants remote workers the same workers’ compensation rights as in-office employees.
3. If a theft occurs and items at your workstation become damaged or stolen, your home insurance policy should cover the lost items. Be sure to alert your company's incident response team if you are concerned any sensitive data was hacked.