Since the outbreak of Covid-19, the world of work has seen a significant shift in patterns and practices. The pandemic accelerated the adoption of hybrid work arrangements, but many organisations have continued to embrace remote work. According to the Office for National Statistics (ONS) 2023, 44% of UK workers work from home. This comprises 16% of full-time remote workers and 28% of hybrid workers, who strike a balance between their home and the office.
In this evolving landscape, it is common to assume that working from home automatically means a more secure environment. However, as personal and work devices increasingly blur the lines between our professional and personal lives, daily activities such as responding to work emails, accessing sensitive company data, and communicating via personal devices has led to an increase in security threats.
The shift in work dynamics prompts us to ask a crucial question: Are you inadvertently compromising your company's security measures by using personal devices or connecting to untrusted Wi-Fi networks?
To address this question and provide valuable advice, we turned to Katie Barnett, our Director of Cyber Security.
Working from home can leave us far more vulnerable to cyber-attacks without the security protections that office systems provide – such as firewalls and a secure working environment, but there are some simple steps you can take to help increase your online safety.
Online Security Measures
Cybersecurity Basics
Your online security begins with fundamental cybersecurity practices. Start with maintaining strong, unique passwords for your accounts and enable multi-factor authentication where possible. We talk a lot about password hygiene at Toro, but that’s because it is still one of the biggest causes of a breach. If your reason for not having different passwords is because you struggle to remember them, speak to your organisation about getting a password manager.
Secure Your Wi-Fi Network
It is important that you ensure your Wi-Fi network is secure. To do this change your router's default login credentials and implement WPA3 encryption if available. These simple steps will make an enormous difference in securing your Wi-Fi.
Keep Software Up to Date
While it might be tempting to leave your computer on at the end of a long workday, taking a moment to power it down can be crucial. This allows for essential updates to your operating system and software applications, which often include important security patches to shield you from emerging threats. It’s also important to keep your home computers up to date, especially if you are using them as part of your work.
An engineer working at LastPass failed to keep a piece of 3rd party software (completely unrelated to his work) updated on his computer which provided attackers with a way in. Attackers installed a keylogger on his computer which allowed them to capture the employee’s master password and gain access to the DevOps engineer’s LastPass corporate vault. The repercussions of this incident continue to impact LastPass and its customers.
Embrace the Power of VPN (Virtual Private Network)
A Virtual Private Network (VPN) encrypts your internet connection, making it harder for cyber attackers to intercept your data. So, if you find yourself working out and about in different locations and need to connect to public Wi-Fi, a VPN will be your best friend! Whilst there are free VPN solutions available it is worth speaking to your company to see if they can offer this to you.
Be alert
When you are working from home, try to always have a security mindset, so make sure you continue to be alert for phishing emails or phone calls. Cybercriminals are exploiting remote workers and using well-engineered attacks to gain access to company systems via employees.
In April 2021, a phishing attack targeted home workers using cloud-based software. Workers received an email requesting their signature on a document hosted in Microsoft SharePoint. The email including the SharePoint logo and branding, but the link led to a phishing site designed to steal user credentials and MFA tokens and infiltrate the company’s email and data.
Physical Security Enhancements
As well as protecting yourself online, you also need to think about your physical home office set up and ask yourself is it secure or is it putting both you and your organisation at risk.
Securing your office
Take a moment to evaluate your home security. Do you have sturdy locks on your home and/or office doors? Do you have a home security camera? Do you live in an apartment or flat, if so, are you at risk of the front door being left open?
Fire Safety
Make sure that you have fire detectors and extinguishers in your home. Keep an eye on your electrical equipment – check for wires that are loose or broken and look out for hot plugs or those with dark marks also make sure you don’t overload sockets. Always make sure there’s nothing blocking any doors or windows and that keys are readily available.
Shredding Sensitive Documents
I would recommend investing in a shredder to destroy sensitive documents before disposal. This practice will help prevent unauthorised access to your confidential information and will mitigate the risk of data breaches.
Avoid oversharing
Be aware of who can see your screen and hear your calls. If possible, do not leave any windows open if you are going to have a sensitive conversation. Also ask your organisation to invest in a privacy screen and a headset for you, this is important if you do work in coffee shops or public spaces. Think, if you are working on a train, what can the person sat behind you see on your screen?
Limiting Access
Think about who has access to your home. Do you have a cleaner? Have they been properly vetted? Have you had people into your home to do work e.g. plumbing – was your office and equipment on display?
By implementing these steps, you can work more securely and efficiently from the comfort of your home.
Remember, security is an ongoing process, and one that both you and your organisation is responsible for. If you are ever unsure reach out to your employer and request security training or speak to your IT (Information Technology) department.