Monday, 30 March 2020

5 Security Tips When Working From Home

Some of us have always had the flexibility of working from home whereas others have had it forced upon them due to current circumstances.

Some of us have always had the flexibility of working from home whereas others have had it forced upon them due to current circumstances.

In the rush to get teams working from home, security of your business data could easily have been overlooked. Remote working doesn’t always offer the same levels of protection that you enjoy in the office but there are also some things you should be mindful of wherever you are working from.


That’s why we’ve put together the top 5 things to consider to help keep your colleagues and data safe. Now’s the time to claw back some control of your IT security.

1. Secure Home Wifi Networks

Aside from whether home WIFI is always stable or fast enough for business use, from a security point of view the key thing to ask is, how secure is that network? You would not give out the password to your office WIFI to anyone but by adopting homeworking, you have effectively made colleagues' homes an extension of your business network.

Who has the password to the router now potentially being used to access your data? Is that password easy to guess?

It’s good practice for everyone to change the default password on any device that can connect to the internet, including routers, and to also ensure that the new password is not something easily guessed.

2. Password Best-Practice and Two-Factor Authentication

Speaking of passwords, now’s the time to ensure that strong passwords are being enforced and not reused for multiple accounts. Passwords should also not be shared amongst employees.

They shouldn’t be too short. You should avoid children’s, partner’s and pets’ names and not be your football team which will be easy to guess. Current advice is that a passphrase should be used. This is a series of random words and numbers. An example would be Scampi20Vacuum68Result (though, please don’t use that one…it may already be in use!)

Better still, use two-factor authentication (or 2FA). This typically means using specialist software that sends a code to a device, usually a mobile phone, when you are logging into apps and websites. You’ll likely be familiar with the technology through your bank but just about every reputable website and application offers you this extra layer of security which gives you additional peace of mind even if your password has been compromised.

3. Increase awareness of malicious email

Criminals love a crisis so you can expect a rise in their attempts to get you to send money to the wrong place, disclose personal information or click on links that deliver bad things to your computer.

With everyone working in different places, it may be easier for them to coerce people to react to requests for information or instructions to transfer money etc. but you should always stop and think before doing anything if you have the slightest hunch that something is suspicious. It really is better to be safe than sorry and it is still possible to pick up the phone and check that the email from a colleague is legitimate. The same applies to a supplier or customer.

Be especially cautious of emails relating to Covid-19 and Coronavirus. Criminals will prey on fear and panic and, already, over 90% of security breaches start with an email.

4. Secure all devices accessing your data

In the office, most people will be using computers supplied by their employer. Is that always going to be the case at home? Probably not and currently there will be more personal computers accessing company data than ever before. This presents a huge security risk to businesses that should not be underestimated.

In the office, the business or the IT provider should have a grip on things like antivirus (AV) and patching (commonly known as software updates). However, this is unlikely to be the case with domestic devices now being used to access even the simplest of things like email.

You should ensure that every device that can access your data has up to date AV and that all software is updated to the latest version. This also applies to mobile devices.

Simply put, devices running operating systems and software that are no longer supported and out of date are easy targets for criminals looking to breach these vulnerabilities.

5. Continue to be careful on social media

We’ve already seen a lot of photos being posted on LinkedIn, Facebook and Twitter where people have been showing off their new working arrangements at the kitchen table or their home office.

Unfortunately, way too many of them have also shown off potentially sensitive data on monitor screens, too.

Working from home or otherwise, you should always be careful what you post on social media and should regularly review the privacy settings of the sites you use. The providers want you to share as much personal information as possible as they can sell that data and, therefore, by default a lot of your information is available to other users too. Lock down as much information as you can.

When posting, be mindful of what you are saying and always question if that information could be used maliciously.

Consider this – a lot of security questions on websites and apps still ask things like, “What is your Mother’s Maiden Name?” and “What is the name of the street you grew up on?”. Is that kind of information already freely available with a bit of digging on your Facebook page?

If you’d like to gauge how good security generally is within your business, we’ve put together a free 12-point checklist that covers all the main areas. You can request your free copy here…

Or, if you are finding your IT Support or systems are not delivering the way you need them too, we are able to help you. Please call on the team on 0808 164 4142 and we’ll help you get you working like the rest of our customers.