Security tips for remote working

Multi-factor authentication (MFA) is one of the best ways to protect your accounts from cybercriminals.

MFA adds an extra layer of security. You need 2 or more steps to verify your identity before you can log in. For example, using your login details as well as an authentication code.

You should turn on MFA where possible, starting with your most important work accounts.

Learn more about multi-factor authentication.

A passphrase is a more secure version of a password. They have 4 or more random words like ‘crystal onion clay pretzel’. Passphrases are easy to remember but hard for a cybercriminal to guess.

Create passphrases that are:

• long (14 characters or more)
• unpredictable (a mix of 4 or more random words)
• unique (use a different passphrase for each account).

Don’t include personal details or share your passphrases with anyone, including people you work with.

You can use a password manager to create and manage strong passwords and passphrases. There are many secure options available for both companies and individuals.

Learn more about passphrases and password managers.

Lock your computer, laptop, tablet or phone whenever you leave it unattended. Even if it is only for a short period. Make sure your devices are set to automatically lock after a short time (less than 5 minutes).

You should be careful of who has access to your devices. Don’t share your devices with anyone. They could expose and delete important information, or infect the device with malware.

Avoid using removable media to transfer files between devices. Portable storage devices such as USB drives are easy to lose, steal or infect with malware.

Use secure methods of file transfer such as cloud storage. Your workplace may already use this for online file management. If you don't have this option, you should encrypt your storage device with a strong passphrase.

Regular updates are crucial for keeping your devices secure. Cybercriminals hack devices by using known weaknesses in systems or applications. Updates have security upgrades to fix these weaknesses.

Make sure your devices and software are up to date. Check automatic updates are on and install updates as soon as possible. The longer you leave it, the more vulnerable you could be to a cyber attack.

Updates may not be available if your device or software is too old. In this case, you should consider upgrading to a newer product to stay secure.

Learn more about updates.

Make sure to secure your Wi-Fi network and router to prevent unwanted access. Cybercriminals will target weaker networks, putting your sensitive data at risk.

To improve your network security you should:

• change your default Wi-Fi network name and password
• change your router’s default username and password
• use the strongest Wi-Fi encryption available
• keep your router up to date
• disable remote management and Universal Plug and Play
• enable guest Wi-Fi.

Learn more about how to secure your Wi-Fi and router.

Public networks are convenient but can also be unsecure. Cybercriminals will target public networks to gain access to your sensitive information. If you are working in public spaces such as an airport or café, avoid using their Wi-Fi.

Only use trusted networks such as your home Wi-Fi or your personal hotspot. Where this isn’t an option, think twice about what you share or access on a public network.

Learn more about connecting to public Wi-Fi and hotspots.

A virtual private network (VPN) can help protect you when using a public network. VPNs hide your identity and activity from other users on the same network. But it won’t protect you from threats such as malware, phishing or software security flaws.

If you need to use a VPN, check with your workplace on how to use one securely. Not all VPNs offer the same security, so make sure you choose a reputable VPN provider.

Avoid accessing sensitive information when in public locations. You could expose confidential work and customer details to anyone passing by. You should access this type of information when in a private or trusted location.

Check what your workplace requirements are on information security and privacy.

A backup is a digital copy of your important data such as documents and emails.

If you lose your data, you can use a backup to restore it. You can create backups using the cloud or an external hard drive. Without a backup, you may not be able to recover your data if you fall victim to a cyber attack.

You should back up data that is most important to you and your workplace, if not against company policy. You can turn on automatic backups to reduce the risk.

Learn more about backups.

You should have different user accounts for work and personal use. If a cybercriminal gains access to your personal account, your work files may still be secure.

Avoid using an admin account for everyday tasks such as emailing or web browsing. A standard user account limits access to files, programs and settings on your device.

Learn more about how to secure your user account.

Cybercriminals can use scams to trick you into compromising yourself or your workplace. Common scams may include asking you to:

• send money or gift cards
• open malicious links or attachments
• reveal sensitive information such as passwords.

Scammers often pretend to be a person or organisation you trust. Be aware that scammers can mask their name and number to appear like the real one.

To avoid falling victim to a scam you should:

• use caution if you’re asked to do something with urgency or to log into a website
• avoid opening links or attachments you didn’t expect or from someone you don't know
• check for spelling errors in the email or website address
• contact the sender in another way such as through an official website or in person.

Be wary of emails asking you to change your bank account details or make urgent payments. This could be a sign of business email compromise.

Learn more about scams and business email compromise.

Take extra precautions when using web conferencing tools. This will help stop cybercriminals or unwanted guests from having access to your meetings.

When conducting online meetings be aware of:

• any unidentified participants
• your surroundings and conversations
• what you share on screen.

Make sure the web conferencing system you use has good privacy, security and reputation. Check if your workplace has an approved service provider.

Learn more about web conferencing security.