Sign in Subscribe
Latest issue

Remote Work Security Checklist: Protecting Your Maryland Business from Home Office Risks

Remote Work Security Checklist: Protecting Your Maryland Business from Home Office Risks
image source: https://pixabay.com/illustrations/list-notes-icon-plain-design-2828012/

Security incidents at home don't look like dramatic movie hacks.

They look like stepping away from your laptop during a delivery. Leaving it unlocked while you grab coffee. Letting your teenager "just check one thing." Your work device sitting on the kitchen counter where anyone walking by can see your client data.

These ordinary moments—repeated over time—are how work devices end up compromised.

At Lewis IT, we help Maryland businesses understand that a laptop doesn't become "less secure" at home. But the environment around it absolutely does. And that changes everything about how you need to protect it.

Why Home Is a Different Security Environment

In the office, security has built-in advantages:

  • Controlled physical access
  • Managed networks
  • Fewer casual touchpoints
  • Office culture quietly enforcing security habits

At home, your laptop operates in a space designed for convenience, not control:

  • Family members nearby who might "just borrow it for a second"
  • Visitors who can see your screen from across the room
  • Devices moving from room to room, left unattended
  • Home Wi-Fi with default passwords shared with everyone who's visited
  • Personal and work life colliding in messy, very human ways

As CISA emphasizes in their device safety training: keep devices secured, limit access, and lock them when you're not using them. These simple habits matter more at home because there's no office environment quietly enforcing them for you.

The UK National Cyber Security Centre is blunt about it: don't let other people use your work device, and don't treat it like the family laptop.

Lewis IT has investigated numerous security incidents for Maryland businesses where the breach originated from compromised home devices—and in almost every case, basic security fundamentals were missing.

The Lewis IT Remote Work Security Checklist

Use this checklist as your "minimum standard" for company devices at home. Lewis IT designed it to be practical, repeatable, and enforceable without turning everyone into part-time IT employees.

1. Lock the Screen Every Time You Step Away

The Risk: Unattended, unlocked devices expose emails, client data, financial information to anyone walking by—family members, visitors, delivery personnel.

Lewis IT Implementation:

  • Set auto-lock timer to 5 minutes maximum (2 minutes for sensitive roles)
  • Train muscle memory: Windows Key + L (Windows) or Control + Command + Q (Mac)
  • Make it non-negotiable company policy
  • Configure Group Policy or MDM to enforce auto-lock settings

Why It Matters: Takes 2 seconds to lock, prevents hours of incident response if someone accesses your device.

2. Store Laptops Like They're Valuable—Because They Are

The Risk: Devices left on couches, kitchen counters, or in cars are vulnerable to theft, damage, and unauthorized access.

Lewis IT Best Practices:

  • When working: Keep device in sight or locked room
  • When finished for day: Store in secure location (locked drawer, home office, bedroom)
  • Never leave in car: Even "just for a minute" in a parking lot
  • During travel: Carry on luggage only, never check laptops

Why It Matters: The data on that laptop—client information, financial records, credentials—is worth far more than the hardware.

3. No Sharing Work Laptops with Family—Ever

The Risk: Well-meaning family members accidentally click malicious links, install risky software, or expose company credentials.

Lewis IT Policy:

  • Work devices are for work only—no exceptions
  • No "just checking one thing" for family members
  • Children especially cannot use work devices
  • Provide family members with separate personal devices if needed

Real-World Example: Lewis IT investigated an incident where an employee's child installed a "free game" that contained keylogging malware. The malware captured the employee's credentials, leading to a business email compromise costing $45,000.

Why It Matters: You can't control what others might click, download, or accidentally expose.

4. Use Strong Authentication and Enable MFA

The Risk: Weak passwords and no MFA mean stolen credentials grant immediate access to company systems.

Lewis IT Requirements:

  • Passwords: Minimum 14 characters, passphrases preferred ("CorrectHorseBatteryStaple" style)
  • Never reuse passwords across accounts
  • MFA mandatory for all company systems—no exceptions
  • Password manager to handle complexity without sticky notes

Phishing-Resistant MFA for High-Value Accounts:

  • Hardware security keys for administrators, finance, executives
  • Passwordless authentication (Windows Hello, Touch ID) preferred
  • Authenticator apps minimum for standard users

Why It Matters: MFA alone prevents 99.9% of credential-based attacks.

5. Stop Using Devices That Can't Receive Updates

The Risk: Outdated devices with unpatched vulnerabilities become easy targets for attackers.

Lewis IT Policy:

  • If device can't run current OS with security updates, it's not a work device—it's a liability
  • Windows 10 (supported until October 2025), Windows 11 required
  • macOS: Current version or previous two versions only
  • Retirement schedule for aging devices

Why It Matters: Known vulnerabilities are actively exploited—if a patch exists and you haven't installed it, you're an easy target.

6. Enable Automatic Updates and Install Them Promptly

The Risk: Delayed patching leaves known vulnerabilities open for exploitation.

Lewis IT Configuration:

  • Automatic updates enabled for operating system and applications
  • Restart when prompted—don't postpone indefinitely
  • Monthly verification that updates are actually installing
  • IT team monitors update compliance across all devices

Critical Updates: Security patches installed within 48 hours of release for critical vulnerabilities.

Why It Matters: Most ransomware exploits known, patchable vulnerabilities—update installation is your defense.

7. Secure Home Wi-Fi Like It's Part of the Office

The Risk: Weak Wi-Fi security allows attackers to intercept traffic, access shared files, or pivot to work networks through VPN.

Lewis IT Home Wi-Fi Security Checklist:

Change default router admin password (never leave as "admin/admin") ✅ Use WPA3 encryption (or WPA2 minimum, never WEP) ✅ Strong Wi-Fi password (minimum 16 characters, not easily guessed) ✅ Update router firmware regularly (check manufacturer site) ✅ Disable WPS (Wi-Fi Protected Setup—convenient but insecure) ✅ Change default SSID (network name) to something non-identifying ✅ Guest network for visitors (isolated from main network)

Why It Matters: Compromised home network means attackers can monitor all traffic including work VPN connections.

8. Keep Firewall and Security Software Enabled

The Risk: Disabled security tools leave devices exposed to malware, network attacks, and unauthorized access.

Lewis IT Requirements:

  • Windows Firewall or equivalent always enabled
  • Endpoint protection (antivirus/EDR) running and updated
  • Never disable security tools because they "slow things down"
  • If security tools create friction, contact IT for proper configuration—don't turn them off

Why It Matters: Firewalls and endpoint protection are your first line of defense against network-based attacks and malware.

9. Remove Unnecessary Software and Stick to Approved Apps

The Risk: Every installed application is potential attack surface requiring updates and monitoring.

Lewis IT Best Practices:

  • Audit installed software quarterly
  • Remove applications you don't actively use
  • Only install approved business applications
  • Avoid "free" software from untrusted sources
  • No browser extensions unless approved by IT

Why It Matters: Fewer applications mean fewer vulnerabilities to manage and fewer opportunities for something to go wrong.

10. Store Work Data in Approved Company Systems Only

The Risk: Work data in personal cloud accounts, personal email, or local storage isn't protected, backed up, or recoverable.

Lewis IT Data Storage Policy:

  • Company data belongs in company systems: SharePoint, OneDrive for Business, Google Drive (business), approved file servers
  • Never save to: Personal Dropbox, personal Google Drive, personal email, local Desktop/Documents folders, USB drives
  • Benefits of approved storage: Automatic backup, encryption, access controls, audit trails, disaster recovery

Why It Matters: When devices fail, get stolen, or are compromised, data in approved systems is recoverable. Data on personal storage is gone.

11. Verify Before You Click—Especially Unexpected Messages

The Risk: Phishing attacks target remote workers with convincing fake messages.

Lewis IT Anti-Phishing Guidance:

Red Flags:

  • Urgency or pressure ("Confirm now or account will be locked!")
  • Unexpected attachments or links
  • Requests for credentials or financial actions
  • Slight misspellings in sender addresses
  • Generic greetings ("Dear customer" vs. your actual name)

Before Clicking:

  • Hover over links to see actual destination
  • Verify sender through separate, known channel (call them, don't reply)
  • Check with IT if anything seems off
  • When in doubt, don't click

Why It Matters: Phishing is the #1 entry point for ransomware and business email compromise.

12. Only Allow Access from Managed, Healthy Devices

The Risk: Unmanaged personal devices or compromised work devices accessing company systems create security gaps.

Lewis IT Zero Trust Approach:

Microsoft's remote workforce security guidance emphasizes: access should be strongly authenticated and checked for anomalies before it's granted.

Device Health Requirements: ✅ Company-managed device (enrolled in MDM/Intune/Jamf) ✅ Current operating system with latest security updates ✅ Endpoint protection installed and running ✅ Encryption enabled (BitLocker, FileVault) ✅ Screen lock configured and enforced ✅ No jailbreak/root modifications

Conditional Access: Company systems verify device compliance before granting access. Non-compliant devices are blocked automatically.

Why It Matters: You can't protect what you can't manage or verify.

Enforcing Your Remote Work Security Policy

Lewis IT helps Maryland businesses transform this checklist from good intentions to enforced reality.

Technical Enforcement

  • Mobile Device Management (MDM): Enforce security configurations automatically
  • Conditional Access Policies: Block access from non-compliant devices
  • Automated Compliance Monitoring: IT sees which devices aren't meeting standards
  • Security Baseline Templates: Pre-configured settings deployed to all devices

User Training and Communication

  • Clear, simple security policy documentation
  • Regular security awareness training
  • Real-world examples of why each item matters
  • Easy way to report concerns or ask questions

Regular Audits and Reviews

  • Quarterly device compliance reviews
  • Annual policy updates based on evolving threats
  • Feedback from remote workers on what's working
  • Continuous improvement of security vs. usability balance

Are Your Remote Workers "Home-Proof"?

If you want remote work to remain seamless and secure, devices need to be "home-proof" by default.

That means treating fundamentals as non-negotiable:

  • Automatic screen locks
  • Secure storage habits
  • Protected sign-ins with MFA
  • Timely updates
  • Properly secured Wi-Fi
  • Work data in approved locations only

Nothing complicated. Just consistent execution.

Lewis IT helps Maryland organizations standardize these protections across all remote workers, ensuring productivity doesn't come at the cost of security.

Secure Your Remote Workforce: Contact Lewis IT

Ready to implement a comprehensive remote work security program? Lewis IT offers complimentary remote work security assessments evaluating your current policies, device management, and enforcement capabilities.

We'll review your remote work setup, identify gaps in your security posture, and provide a roadmap for implementing practical, enforceable protections that work in real-world home environments.

Email: info@lewisit.io
Phone: 240-784-1221
Website: www.lewisit.io/contact-us

Don't let remote work become a security liability. Contact Lewis IT today and build protections that keep your team productive and your data secure—whether they're working from the office or the kitchen table.

Lewis IT provides comprehensive remote work security solutions for businesses throughout Maryland and the Mid-Atlantic region. From device management and security policy development to user training and ongoing compliance monitoring, we help organizations enable secure, productive remote work without compromising security.

Subscribe to Lewis IT Bin

Sign up now to get access to the library of members-only issues.
Jamie Larson
Subscribe
DigitalOcean Referral Badge