9 Common Cybersecurity Mistakes Remote Workers Make

Cybersecurity work from home policies are so important, especially with an increase in remote jobs. Cybercriminals don’t care what size your company is or what industry you operate in. If you are in business, you are a potential target, which could lead to substantial losses that are sometimes impossible to recover from.

In this blog, we cover nine common mistakes people make that can make their data more susceptible to an attack. These mistakes can happen on and off company property. With summer travel upon us and more employees working from varied locations, now is a great time to implement or revisit your cybersecurity best practices!

As an employer, you play a crucial role in ensuring the cybersecurity of your remote team. Here are nine common cybersecurity mistakes that you should help your team avoid:

Reused or Weak Passwords: you’ve probably heard this time and again, but stop using weak or reused passwords! The most common passwords have a combination of names/seasons and numbers/years, like “sarah2023” or “jan2025!”. If these combinations sound familiar, take it as a cue to update your old passwords. And diversify your passwords! You should not use the same passwords repeatedly because this can compromise multiple accounts in a single breach.  

A handy password management tool can help improve your security by generating and storing complex passwords. A password manager can generate a combination of upper- and lowercase letters and special characters which can strengthen passwords. 

Skipping Multifactor Authentication (MFA): This extra verification step can reduce the risk of unauthorized access. Usually, it comes as a text to your phone, a code sent to your email, a passkey, or a code sent to an authenticator app. Authenticator apps can make things easy, as they connect to several different accounts from one app. At a minimum, always enable MFA for company accounts, email, and cloud storage services.

Putting Off Software Updates: Another software update? Please don’t ignore it! According to Zywave, “…software updates often contain patches that address known vulnerabilities. When not installed, attackers can exploit outdated software or known security gaps to access or control devices, networks, or systems.” You can enable automatic updates across all company devices and applications to avoid this. As an employer, it’s important to watch for updates released by your software vendors, especially your security vendors. Please regularly communicate with your team to ensure they update all work devices and software.

Using Public Wi-Fi: Publicly available Wi-Fi networks are often unsecured, making them a potential entry point for cybercriminals. They can slip in without you ever realizing! To avoid this, direct your team to not access sensitive information on public Wi-Fi. Only password-protected, secured networks should be used. According to Zywave, users should also “…turn off automatic Wi-Fi connection and file-sharing settings to prevent unintended connections or data leaks, and “Employees should ensure they use virtual private networks, or VPNs, that encrypt data transmissions if they are connecting to public Wi-Fi and confirm their firewall is enabled to add protection against malware and other cyber threats.”

Using Personal Devices: Bouncing between personal and work emails on personal laptops or smartphones without proper security can reduce vigilance and increase vulnerability. Aways use company-approved and secured devices or ensure that personal devices meet security standards.

Not Logging Out: Stepping away from an unlocked device risks unauthorized access, especially in shared living or coworking spaces or while an employee is on vacation. It’s wise to enable auto-lock on devices and always log out when stepping away from your devices.

Unsecured File-Sharing: Ensure your team uses approved file-sharing tools with built-in security features and access controls. Sending or storing work documents on unauthorized platforms can lead to data leaks.

Less Oversight & More Isolation: A remote worker may be more prone to clicking a suspicious link for a few reasons. First, they may not have a coworker they can quickly ask, “Does this email look legitimate?” Second, they may be on screens all day, leading to digital fatigue and reduced attention to detail. Third, they may not have IT staff to connect with or anyone informing or overseeing their security practices. Finally, they may be prone to using digital tools like email and Slack to communicate with coworkers, where phishing attacks (like an email disguised as a message from the boss) can happen.

Not Talking About It: It is estimated that only 17% of small businesses have cyber insurance. And many businesses do not continually communicate expectations or best practices to their team. If employees are unaware of threats and how to handle data safely from the top-down, the entire team is at greater risk of a cyber incident, which can impact your business’s livelihood. In addition to having a cyber plan, it’s a good idea to have remote-specific security training and regular refreshers for your team.

What can you do next? The good news is that you’re likely reading this because you want to stay informed and implement best cyber practices for your team. That is the mark of a great leader! At Fusco Orsini Associates & 4C Advising, we can help you get the right cyber insurance policy and provide you with comprehensive risk management solutions. Get started HERE.

References:  5 Common Cybersecurity Mistakes and How to Avoid Them | Zywave