Many more of us are working from home and while it has many advantages, there are cyber security risks to consider.
Cyber security is about protecting our valuables in the ‘cyber’ world from digital attacks – including physical devices like desktop computers and mobile devices that are connected to the Internet, and the files, data, images or financial information stored on them.
What’s the risk?
Cyber criminals look for weaknesses in your device security and human behaviour to try and steal business data, files and financial information.
The results of cyber attacks can be devastating for you, your employer, customers and clients – leading to legal action, financial penalties, and a loss of trust and reputation.
Cyber criminals can target any size or type of business at any time. So whether you’re one of thousands of employees, or you’re a sole trader, the following advice can help you work securely at home:
Follow the policies
Most organisations will have an IT policy and a homeworking policy in place. Ask for guidance on using business–owned devices at home, particularly if you need to use your own Wi-Fi or broadband to connect to a network. Learn what to do and who to contact if you suspect a cyber security breach.
Using your own device?
If you use your own device to enable you to work from home, keep private activities to a separate device if possible, or create a separate account on your personal desktop or laptop just for work. Don’t use old devices that can no longer be updated, as they will be at a higher risk of attack.
Keep your devices up to date with the latest software and application updates. Each of your devices - desktops, laptops, tablets and smart phones - will usually give you a notification to tell you when software or an app is ready to be updated. Don’t ignore this message and enable automatic updates so you can’t forget.
Use proper passwords
Make sure you’re using secure passwords. We recommend combining three random words to help you remember.
Consider using password manager apps, or store passwords on your web browser.
Use 2 Factor Authentication (2FA) for online accounts where available as this adds a second level of security. Even if your password was compromised an attacker would still not be able to log into your online accounts.
Secure your software
Only use approved software, and only download and install it from trusted sources.
Make sure your anti-virus and firewall software is running and automatically updated.
Backup data
Back up important data - make sure that important files are backed up in case something happens to your device. If your organisation already provides you with access to cloud storage, you should use this. If not, you should speak to whoever handles your IT about setting something up. Don’t back up your organisation's data to your personal storage spaces.
Secure your Wi-Fi
Make sure your Wi-Fi network is secured with a strong password and using WPA2 security encryption. Contact your Internet Service Provider (ISP) for more information on how to do this.
Spot the scammers
Beware of phishing emails and know how to spot a dodgy email or text. If you get an unexpected message asking you to click on a link, download an attachment, or phone a number, it’s probably a scam – see our advice on smishing.
Family (un) friendly?
Don’t let family members use your work device – keep your laptop closed and locked out of sight, or at the very least, lock your screen with a password. Do the same for any mobile devices or tablets.
Ensure that any work-related notes or printed materials are secured in line your organisation’s policy.
Useful resources
- NCSC: guidance on Secure Home Working
- NCSC Cyber Security Training for Staff (Interactive Training)