The Most (& Least) Cyber-Safe States for Remote Work

Nearly one in five Americans have traded the office cubicle for the couch or coffee shop, and if Upwork’s crystal ball is right, we could soon see an 87% surge in remote roles compared to pre-pandemic days.

But as more teams go remote-first, cybersecurity and internet reliability remain top priorities. Matt Moore, CTO and co-founder of Chainguard, captures the dual-edged sword perfectly:

"Remote work has unlocked incredible opportunities—companies snag top talent no matter the zip code, and workers finally get to balance family, health, and hobbies. That said, remote work does introduce new security challenges.”

"How do you confidently verify someone’s identity or residency when AI-driven deepfakes are making video interviews look about as trustworthy as a TikTok filter? We’ve seen cases of foreign adversaries posing as tech workers, and with AI-driven deep fakes becoming more sophisticated, even video calls are becoming less reliable for authentication.”

And let's not forget the price tag—IBM Security and Ponemon Institute peg the average global data breach at a whopping $4.45 million, often spiking even higher when remote work complicates the picture.

Thankfully, Indusface, an application security SaaS company that secures critical Web, Mobile, and API applications, has done the homework for us. Their latest findings reveal which states will be the safest for remote employees in 2025 based on scam rates, overall scam costs, and internet speeds.

Most Secure States for Remote Work

North Dakota is a surprising frontrunner, scoring 9.0 out of 10. What sets it apart is a balanced blend of low scam incidence (22.5 per 10,000 residents) and robust connectivity. Its median download speed clocks in at 210.37 Mbps, coupled with an upload speed of 68.79 Mbps, enabling efficient video calls and data transfers. The Peace Garden State also boasts a latency of 26 ms, fostering a stable online experience crucial for remote collaboration.

Tied for second place are Mississippi and Nebraska, both earning an 8.8/10. Mississippi distinguishes itself by having one of the country’s lowest scam costs, at $25.8 million, and a relatively low scam rate of 20 per 10,000 residents. Its internet speed is nothing to scoff at, with a median download of 177.39 Mbps, though Nebraska edges it out at 199.43 Mbps.

However, even in states with lower scam costs, ransomware attacks have grown by 13% year-over-year, per SonicWall’s Cyber Threat Report. And they often hit remote work setups first.

What Do These Stats Tell Us?

From an operational standpoint, these numbers underline a key lesson: robust infrastructure and effective cybersecurity measures are critical. 

As remote employees become more dependent on local networks—whether public Wi-Fi or home internet—organizations must assume some level of vulnerability in endpoint devices and plan accordingly. A solid endpoint security strategy with frequent automatic updates is the first line of defense. 

“From my perspective,” says Corey Nachreiner, CISO at WatchGuard Technologies, “This trend of remote work that has risen in popularity in recent years comes with risk. Remote work changes the location of important digital assets, leaving companies open to vulnerabilities and cyberattacks. Keeping outdated software as part of a company’s tech stack significantly increases the risk of a cyberattack. Utilizing multi-factor authentication adds a layer of security.” 

He suggests adopting Secure Access Service Edge (SASE) solutions to support hybrid work environments, emphasizing that “SASE is an unintuitive industry acronym that describes a combination of cloud-centralized security services. It includes Firewall as a Service and zero-trust network access. Outsourcing some or all security to managed service and managed security service providers (MSP/MSSP) ensures 24/7 proactive monitoring.”

Over 50% of large enterprises are either adopting or planning to adopt a Zero Trust framework within the next year, according to Gartner Forecast Analysis: Information Security and Risk Management.

Practical Steps for Safeguarding Remote Teams

Ultimately, the data reveals that certain states have carved out a strong foundation for remote work. But no location is entirely immune to digital threats. Maintain a multi-layered defense strategy and train employees to stay vigilant to create the safest remote work environment possible.

Here are ten steps to get you started:

1. Limit System Access
   • Restrict privileges to critical systems and sensitive data.
   • Assign permissions based on the principle of least privilege.
2. Implement Multi-Factor Authentication (MFA)
   • Require additional verification (e.g., SMS, token, or app-based codes) beyond just passwords.
   • Regularly remind employees to use secure devices for receiving MFA prompts.
3. Test for Privilege Escalation Vulnerabilities
   • Conduct gray box testing to simulate attacks from partially informed insiders.
   • Validate user roles to ensure that no unnecessary or excessive privileges exist.
4. Run Periodic Scans for Network and Application-Level Weaknesses
   • Use vulnerability scanners to uncover common misconfigurations and outdated software.
   • Schedule these scans regularly (e.g., monthly or quarterly) to catch newly discovered threats.
5. Educate Employees on Phishing and Vishing Threats
   • Provide ongoing training about spotting fake emails, calls, or text messages.
   • Encourage reporting suspicious communications to a designated security channel.
6. Maintain Separate Credentials for Work and Personal Use
   • Require employees to use unique passwords for each account.
   • Reinforce this policy with regular reminders and password manager recommendations.
7. Keep Devices and Routers Patched
   • Roll out updates and security patches promptly—both for company and employee-owned devices.
   • Advise employees to change default router passwords and update firmware regularly.
8. Deploy a Web Application Firewall (WAF)
   • Filter malicious HTTP traffic before it reaches your applications.
   • Enable virtual patching for a temporary safeguard if a permanent fix isn’t immediately available.
9. Encourage Quick Reporting of Suspicious Emails
   • Implement tools (like “Report Phishing” buttons) to simplify reporting.
   • Provide a clear process for forwarding potential threats to your security team.
10. Adopt a Multi-Layered Defense Strategy
    • Use endpoint security, application security, and network security tools in tandem.
    • Continually train employees to reinforce cybersecurity awareness.

Armed with these practical steps—and inspired by the states excelling in speed and scam prevention—organizations can confidently embrace a safer remote-work future in 2025.

Subscribe to The CTO Club's newsletter for more cybersecurity tips, tools, and best practices.