Staying secure while working from home

Working from home is convenient, and even necessary as part of a business continuity plan, but isn’t necessarily as safe for the services and data you’re accessing remotely.

Some security measures that are in place at your workplace, may not be in place on your home network. These include security measures such as web filtering, firewalls and data encryption. If you’re planning on working from home, talk to your IT team about your company’s policies and the options available to you. They may have some restrictions, or steps they’d like to take before they give you access to the company network remotely.

Below are our tips to stay secure while working remotely:

Only use WiFi you trust

Use a trusted WiFi such as your home network, rather than a shared space WiFi, such as a library, airport or café WiFi. Attackers can intercept traffic in public WiFi using an attack called person-in-the-middle (or sometimes man-in-the-middle), where they read or change, the data you’re sending across the WiFi.

Physical security

If you have to work in a shared area, be aware of who’s around you and make sure people aren’t ‘shoulder surfing’ and watching you enter information over your shoulder. See if your work will provide you a privacy screen that will make this much harder. When having a phone call, check who’s within hearing range and avoid talking about confidential information. Keep your devices in your possession/ control at all times. If you have to step away from your device, lock it and make sure it requires a strong password to unlock.

Virtual private networks (VPN)

Use a virtual private network (VPN) when connecting to your work’s network. This creates an encrypted tunnel between your computer and your work’s network protecting the files and data you’re accessing from your home network.

Use a device provided to you from your organisation rather than a personal one, if possible. If you’ve set up a guest network on your home router, add your work’s device to the guest network.

Secure your home network

 

Enable two-factor authentication

Systems that require access from the internet, particularly important ones such as work-related systems, email or messaging apps, need to be protected. Enabling two-factor authentication makes sure that attackers can’t get in if they’ve guessed your password or stolen your credentials.

Business communication

Even while working from home, you’ll need to communicate with your team and others. Check which options have end-to-end encryption before choosing a tool to use. This applies for both your messaging options and any video conferencing you need to use for meetings. If the system you use doesn’t offer this – consider changing or make sure everyone knows to avoid sharing or talking about sensitive information. This is any information you wouldn’t want made public.

More vigilant about unexpected emails

Be extra cautious about suspicious emails when on your phone. If you weren’t expecting a particular email, ignore it and look at it once you’re on a desktop computer. That way it’s easier to hover over the links, and check the ‘sent’ address.

Our usual best practices still apply when working remotely:

  • Use a long password or passphrase, that you haven’t used elsewhere, to access any system.
  • Update your operating system and check that the software or apps that you’re using are up-to-date as well.
  • Make sure you have antivirus installed and are running regular scans.

 

NCSC have released some advice for organisations who are planning to have staff, or more staff work from home.

Working remotely: advice for organisations and staff