The risks
If you’re planning on working from home, talk to your IT team about your company’s policies and the options available to you. They may have some restrictions, or steps they’d like to take, before they give you access to the company network remotely.
This is because some of the security measures at your workplace may not be on your home network or a public network. These include things like web filtering, firewalls and data encryption.
If you freelance or work for yourself, you'll need to set up extra protections yourself.
How to protect yourself
Only use WiFi you trust
Use a trusted WiFi network, for example your home network or your mobile hotspot (with a strong password), rather than the public, shared WiFi at a library, airport or café.
Attackers can intercept traffic in public WiFi using an attack called person-in-the-middle (or sometimes man-in-the-middle), where they read or change the data you’re sending across the WiFi.
Where possible, try to only visit HTTPS secured websites when you're out and about – they're encrypted unsecured websites. Many apps use HTTPS but some don't – because it's difficult to tell the difference, it's best not to use them on public WiFi.
Check your physical security
If you have to work in a shared area, be aware of who’s around you and make sure no one's 'shoulder surfing' and watching you enter information. Consider getting a privacy screen to make this much harder.
If you're on the phone, check who’s within hearing range and don't talk about confidential information. Keep your devices with you at all times. If you have to step away from your device, lock it and make sure it requires a strong password to unlock.
Virtual private networks (VPN)
Use a virtual private network (VPN) when connecting to your work’s network. This creates an encrypted tunnel between your computer and your work’s network, protecting the files and data you’re accessing from your home network.
Use a device your organisation gives you rather than a personal one, if possible. If you’ve set up a guest network on your home router, add your work’s device to the guest network.
Enable two-factor authentication
Two-factor authentication gives you an extra layer of protection so that attackers can’t get in if they’ve guessed your password or stolen your credentials.
Use two-factor authentication to protect your accounts
Use encrypted tools for communication
Check which options have end-to-end encryption before choosing a tool to use to keep in touch with workmates or clients. This applies for instant messaging and any video conferencing you need to use.
If the system you use doesn’t offer this, for example SMS text messages – consider changing or make sure everyone knows to avoid sharing or talking about sensitive information. This is any information you wouldn’t want made public.
Be vigilant about unexpected emails
If you are working remotely from your phone, be extra cautious about suspicious emails. If you weren’t expecting a particular email, ignore it and look at it once you’re on a desktop computer. That way it’s easier to hover over the links, and check the 'sent' address.
Top tips for online security
Our usual best practices also apply when working remotely:
- Use a long password or passphrase, that you haven’t used elsewhere, to access any system.
- Enable two-factor authentication on key accounts.
- Update your operating system and check that the software or apps that you’re using are up-to-date as well.
- Make sure you have antivirus installed and are running regular scans.
Top 11 tips for online security
Get help
If you’ve experienced an online security issue, your first step is to contact the service provider.
You can also report an online issue or security incident to us at CERT NZ.