Work from Home Security Practices for Everyone
Here are some tips and best practices on how to secure yourself and your business when working from home… or just about anywhere else!
In 2020 the Covid-19 global pandemic resulted in many countries going into lockdowns to prevent the spread of the virus which meant that thousands of people found themselves forced to work from home. This shift made it clear to many organisations that working from home was possible and has resulted in many people continuing to do so or having more flexible working arrangements. So, as we adjust to this new way of living and working, what are the basics you need to know to keep yourself and your confidential or sensitive information safe? Making sure you’re aware of your organisation’s security policies and what this means for you is the best place to start.
It’s a good idea to give yourself a dedicated workspace to keep your working and home life separate. You should keep this space a “no-play” zone and avoid letting others use your dedicated space where possible, that way no one will stumble across anything they’re not supposed to and there is less chance of anything important suffering damage.
Keep all your sensitive documents stored in a safe place and lock them away if you can. If you need to dispose of any company documents, make sure you check with your organisation’s policies for the correct procedure, otherwise shredding them with a cross-cut shredder is recommended. “Dumpster Diving” is a common tactic used to get hold of sensitive information.
Make sure all your devices are protected by a hard to guess password or PIN number that meets any requirements in your organisation’s policies. When you’re not using your device – even if you’re just stepping away for a few minutes, make sure you lock the screen so it can’t be accessed by unauthorized persons.
Never use your internet browser to remember your passwords. If you need help remembering all your passwords, the best idea is to use a password manager approved by your organisation to safely store and retrieve your passwords. Passwords should be long and every account should have its own unique password – password re-use is one of the most commonly exploited avenues attackers use to gain access to multiple accounts.
Make sure all the software, apps and communication mediums are approved by your organisation. It’s never a good idea to communicate company information with your colleagues via social media or unapproved messaging apps or email addresses. Sending company communications from your personal email or sending company information to your personal email account is a security risk and should not be done under any circumstances.
How much do you know about phishing emails and social engineering? Using email and these two methods are the most common way cyber criminals are able to gain access to your accounts and your devices. Your organisation may have a cyber security training program for their employees for your to complete and ramp up your own awareness, or you can read more about social engineering here.
Your organisation’s work resources and applications should only be accessed on approved devices and not on your personal device. This is also a great way to keep your work life and your home life separate. When working remotely, most organisations will require you use a Virtual Private Network or VPN to connect to their network when you’re not on site. This creates a secure, encrypted tunnel for you to access work resources without eavesdroppers or interceptors being able to read any information.
Keeping your devices and applications updated will mean that they will have the latest security patches installed. Check with your organisation’s policy on updates and enable auto-updates where possible so you don’t have to worry about remembering. Making sure you have a good anti-malware software running on your devices performing regular scans will reduce the likelihood of your device becoming infected with malicious software such as viruses.
There are many ways to store documents and your organisation will specify how they would like you to manage this. You may be using a cloud-based storage service or you may store devices locally on your device. Your organisation may have its own back-up systems in place and it pays to check if you need to complete your own backups regularly, and what type of backup this should be to avoid losing your work.
If one of your colleagues requests something from your via email or over message, such as sensitive information or transferal of funds, it’s a good idea to verify their request by giving them a call – since you might not just be able to pop over to their desk and ask them! It’s always better to be safe than sorry.
If you have smart speakers or other devices in your home that are able to listen to or record audio or video, move these out of your workspace or make sure cameras aren’t directed at your screen or keyboard. Ensure any work-related phone calls are taken in private areas where there is little chance of someone else listening in.
When you’re out and about carrying out work-related tasks, using publicly available Wi-Fi, such as in a library, is a security risk. Your organisation may supply you with a mobile network device or provide guidance as to their preferences in their policies.
Remember, if you’re experiencing technical issues, the best idea is to contact your organisation’s helpdesk or IT service provider. That way any changes can be made in an approved and secure manner. Finally, and most importantly, if you come across anything you find suspicious, report it straight away to your direct manager or to your IT Security team.