Stay secure when working remotely
When you access sensitive information remotely – whether it's from home, from a cafe or from a shared workspace – you need to have strong security protections in place.
The risks
If you’re planning on working from home, talk to your IT team about your company’s policies and the options available to you. They may have some restrictions, or steps they’d like to take, before they give you access to the company network remotely.
This is because some of the security measures at your workplace may not be on your home
a group of connected devices A set of rules that prevents specific content from the internet being displayed on a device or network. A piece of software that enforces rules about what data a device can send or receive. Often used to prevent malware from entering a device or network.
If you freelance or work for yourself, you'll need to set up extra protections yourself.
How to protect yourself
-
Only use WiFi you trust
Use a trusted
network, for example your home network or your mobile hotspot (with a strong password), rather than the public, shared WiFi at a library, airport or café.A wireless network, usually for connecting devices to the internet in a home or business. Short for 'wireless fidelity'.
Attackers can intercept traffic in public WiFi using an attack called person-in-the-middle (or sometimes man-in-the-middle), where they read or change the data you’re sending across the WiFi.
Where possible, try to only visit
secured websites when you're out and about – they're encrypted unsecured websites. Many apps use HTTPS but some don't – because it's difficult to tell the difference, it's best not to use them on public WiFi.a secure method (or protocol) for moving data between devices over the internet. Short for 'HyperText Transfer Protocol Secure'.
-
Check your physical security
If you have to work in a shared area, be aware of who’s around you and make sure no one's 'shoulder surfing' and watching you enter information. Consider getting a privacy screen to make this much harder.
If you're on the phone, check who’s within hearing range and don't talk about confidential information. Keep your devices with you at all times. If you have to step away from your device, lock it and make sure it requires a strong password to unlock.
-
Virtual private networks (VPN)
Use a
when connecting to your work’s network. This creates an encrypted tunnel between your computer and your work’s network, protecting the files and data you’re accessing from your home network.A way of connecting to the internet that hides where you are when you connect.
Use a
your organisation gives you rather than a personal one, if possible. If you’ve set up a guest network on your homeYour phone, tablet, or computer.
, add your work’s device to the guesta device that connects other devices to the same network, often paired with a modem to connect to the internet.
.a group of connected devices
-
Enable two-factor authentication
Two-factor authentication (
) gives you an extra layer of protection so that attackers can’t get in if they’ve guessed your password or stolen your credentials.A security setting that needs an extra piece of information, such as a text code or fingerprint, to log into your account. Short for 'two-factor authentication'.
-
Use encrypted tools for communication
Check which options have
before choosing a tool to use to keep in touch with workmates or clients. This applies for instant messaging and any video conferencing you need to use.A system where your data is encrypted when it is sent and decrypted when it arrives, so it can't be read in transit.
If the system you use doesn’t offer this, for example
text messages – consider changing or make sure everyone knows to avoid sharing or talking about sensitive information. This is any information you wouldn’t want made public.text message. Short for 'Short Message Service'.
-
Be vigilant about unexpected emails
If you are working remotely from your phone, be extra cautious about suspicious emails. If you weren’t expecting a particular email, ignore it and look at it once you’re on a desktop computer. That way it’s easier to hover over the links, and check the 'sent' address.
-
Follow our top tips
Our usual best practices also apply when working remotely:
- Use a long password or
, that you haven’t used elsewhere, to access any system.
a string of random words (sometimes including numbers and punctuation) put together to create a memorable password.
- Enable two-factor authentication on key accounts.
- Update your operating system and check that the software or apps that you’re using are up-to-date as well.
- Make sure you have
installed and are running regular scans.
Software designed to find and remove viruses from your device, and stop new ones getting in.
- Use a long password or
Get help
If you’ve experienced an online security issue, your first step is to contact the service provider.
You can also report an online issue or security incident to us at the NCSC.