8 tips to secure your remote workforce (plus an employee checklist)

Your remote workforce should be as digitally secure as any in-office workforce. Fortunately, the same tools that can enable you to operate a distributed workplace, like VPNs and collaboration software, can help you keep your data safe too.

In this article, we’ll cover eight steps you can easily take to secure your network — no matter where your employees are working.

1. Offer reliable, secure hardware and software
2. Require two-factor authentication
3. Instruct your employees to change their home router password
4. Select the right VPN
5. Ensure VPN use
6. Limit access to internal servers
7. Encrypt group calls
8. Protect employee text messaging

We’ve also included an employee checklist at the end of this article to help you guide your remote employees in securing their work.

What are the threats?

First, it’s important to understand what you’re securing your workplace from.

In most cases, you’re simply trying to protect your company from the common cybercriminals who target all of us online to steal personal data for financial gain. They may not actually be singling out your business, but their impact can be huge. Internet scams cost businesses and individuals a combined $10.3 billion(new window) in 2022 in the US alone — and likely more, as cybercrime is underreported. 

These include all kinds of attacks, ranging from phishing(new window) to ransomware(new window). If a hacker steals your data and demands payment, you may decide you have no choice but to pay. Or if your customers’ personal data leaks onto the dark web, you could be subject to huge fines for violating data protection laws(new window).

Secure your remote workforce

There are multiple ways to mitigate the risks. Many of these start with prioritizing security, both at a management level and in your employees’ habits. We address this in the checklist below. But apart from training and awareness, there are also technical safeguards you can put in place. Here are eight you can work toward right now.

1. Offer reliable, secure hardware and software

Businesses are responsible for their employees’ hardware and software, even when the devices are outside office walls. Employees may choose hardware and software that are ill-suited or not secure for their work if left on their own. While your employees are responsible for following security best practices, expecting them to assess software and hardware security is unfair and unlikely to lead to good results.

Have a security expert, ideally your IT support team, advise employees on what hardware they should choose, including laptops, printers, cellphones, external microphones for remote meetings, etc.

Also advise them on what basic software they need. This includes office suite software, internet browsers, and email clients.

2. Require two-factor authentication

Whether your employees work from home or the office, you should require two-factor authentication(new window) (2FA) on all workplace accounts and encourage it on personal accounts. This adds an extra authentication layer when logging in, so even if an attacker steals someone’s username and password, they won’t be able to access the account. 

2FA should be enabled for email, VPN, chat apps, cloud storage, CRMs, and anywhere else your employees access your network. Typically you can require 2FA from your administrator settings.

3. Instruct your employees to change their home router password

Personal home routers usually come with a default password printed on the bottom. Many people never take the time to change these passwords, making their routers vulnerable to hacking. Make sure your employees change and save their router password, just like they would manage any passwords in the office (using the password manager(new window) that you have provided them).

4. Select the right VPN 

As a company with a remote workforce, you need a high-quality VPN, or virtual private network. A VPN will protect your employees’ privacy and security no matter where they are connecting to the internet. We developed Proton VPN for Business(new window) specifically to address the most critical security needs of small- and medium-sized businesses.

Here is what to keep in mind when selecting a VPN:

• High speed — Don’t settle for a VPN that slows your remote workforce down. Proton VPN for Business’s VPN Accelerator(new window) technology uses advanced networking techniques to reduce latency, cut down on protocol inefficiencies, and overcome CPU limitations. Plus, all Proton VPN servers have a minimum of 1 Gbps bandwidth, with 10 Gbps servers available if you need them.
  
• Secure VPN protocols — Business VPN servers should not support the PPTP and L2TP/IPSec VPN protocols as they aren’t secure. At Proton VPN for Business, we only use the VPN protocols known to be secure(new window). These protocols are WireGuard®, OpenVPN, and IKEv2.
  
• Strongest encryption — Your remote workers’ security is only as strong as their VPN’s encryption. Proton VPN uses the strongest encryption(new window) possible: AES-256 or ChaCha20 for network traffic, 4096-bit RSA for exchange keys, and HMAC with SHA384 for message authentication. Additionally, all our cipher suites use perfect forward secrecy(new window), meaning we generate a new encryption key every time your employee connects to the VPN.
  
• Network protection — Proton VPN for Business’s Secure Core(new window) servers are in hardened data centers in Switzerland, Iceland, and Sweden, protected with full disk encryption. Proton is also protected by some of the strongest privacy laws in the world since it’s a Switzerland-based company(new window). That’s why we can maintain our strict no-logs policy(new window).
  
• Open source and audited — Only trust a VPN that is transparent and independently audited(new window). Our Proton VPN apps are 100% open source. On top of that, we regularly commission independent, professional audits and publicly publish the full results.

5. Ensure VPN Use

No matter how advanced your VPN is, if your employees struggle to use it or avoid using it, that VPN is not valuable. 

To ensure VPN use, enable the Always-on and kill switch features that your VPN provider should offer. The Always-on feature ensures your employee’s device always connects to the internet through the VPN server. If that secure connection is lost for any reason, the kill switch feature kicks in and stops traffic to keep your employee safe.

Another common reason remote workers avoid working through a VPN is that they get blocked from websites that interpret them as threats. Proton VPN’s alternative routing(new window) technology allows your employees to bypass most firewalls and VPN blocking methods so they can go about their work unimpeded.

6. Limit access to internal servers

Even if you’re a small business, not all employees need access to all internal resources and databases. This kind of access can be especially dangerous if workers are remote. Set up your VPN to control access permissions.

As the admin of the VPN, you can assign an employee or group of employees to one or more dedicated VPN server IP addresses (also known as ‘gateways’) based on what you want them to have access to. Through this segmentation system, your company’s internal server(s) will recognize and allow access requests from the VPN servers you have configured for that permission, rejecting all requests from any other VPN or regular internet servers.

Beyond giving you flexible, granular control of access, this adds an additional layer of protection: Even if a bad actor obtains the username and password to an internal server resource, they will not be able to access it because their device will not be using the assigned VPN server.

7. Encrypt group calls

With remote work comes remote meetings. Make sure you are protecting those meetings.

Wire(new window) is a group audio and video conference platform that utilizes zero-knowledge encryption similar to the model we use in Proton services. It can host up to 100 users in a meeting at the same time. It is independently audited and open source.

8. Protect employee text messages and emails

Remote employees are more likely to text and email each other than in-office employees are. As a business, you need to protect that remote work product too. 

Signal(new window) is considered the most secure messaging app. It end-to-end encrypts one-on-one messages as well as group messages. It works on both Android and Apple phones, as well as Linux and Windows setups.

Proton Mail(new window) is our email service and the largest end-to-end encrypted email provider in the world. It offers advanced features like expiring(new window) and Password-protected Emails(new window), encrypted search(new window), and productivity features like snooze(new window).

Remote employee security checklist

People are usually the weakest link in the security of any system, including your organization’s network. Phishing attacks are designed to take advantage of this fact. To mitigate this, we recommend regular security trainings and reminders.

Below is a security checklist you can share with your employees and modify to suit your workplace as needed.

Use your work device securely

• Keep non-essential applications off your work device and secure it when not in use, even at home.
• Lock your device screens with strong passwords any time you are not using them.
• Report lost or compromised devices immediately to ensure sensitive data is secured.
• Turn off Bluetooth if you’re not actively using it.

Data encryption

• Encrypt the hard drives of your work devices to safeguard sensitive data.
• Activate encryption systems on Android, iOS, macOS, and Windows devices and securely store the recovery codes.

Encrypted communications

• Use Proton Mail for private and secure communication.
• Set expiration dates for sensitive messages to enhance privacy.

Update your software

• Keep all operating systems, programs, and applications up to date. New software versions often contain patches for security vulnerabilities.

Strong passwords

• Use strong, unique passwords (at least 16 characters) for each account.
• Utilize a reputable password manager for password management.

Two-factor authentication

• Enable 2FA on all accounts to add an extra layer of protection.
• Use an authenticator app such as the one built into Proton Pass(new window) rather than SMS or other less secure forms.

Secure network access

• Avoid sending sensitive information through unsafe external applications.
• Connect to your work computer through a VPN with secure protocols for added security.

Secure home WiFi network

• Change the default password on your home WiFi router to a strong, unique one.
• Enable encryption, preferably WPA2, on your home WiFi to prevent unauthorized access.

VPN usage

• Connect to your company’s VPN when accessing company resources.

Video conference security

• Ensure no sensitive information is visible during video conferences or screen sharing.
• Password-protect all conference calls to prevent unauthorized access.

Stay alert for social engineering and phishing attacks

• Never click links, download attachments, or scan QR codes from unknown or unexpected senders.
• Refrain from sharing screenshots of video conferences or sensitive information on social media.