Working from Home – Covid-19

Working from home has become a necessity for some people to help limit the spread of the Covid-19 coronavirus. However, if you are home working you need to know how to protect the organisation’s information and yourself from the risks you face when working remotely.
Security at Home
Our home is often the place we feel most secure, but this can blind us to potential threats. When you are working from home, you are responsible for keeping the organisation’s information and devices safe, just as you would on company premises. Here are some issues to consider and solutions to adopt:
Working from home guidance
- Have a designated work space – try your best to ensure you have somewhere you can sit properly and not be straining your back or neck. Ironing boards could make great adjustable desks!
- Set your hours and try to stick to them
- Separate home and work duties
- Act like you are going to the office – follow your usual morning routine and get dressed!
- Plan virtual meetings – keep up human interaction by scheduling in video calls, conference calls or text conversations
- Have regular screen breaks
- Drink plenty of water – not too much tea and coffee!
- Listen to music if it helps you focus
- Once you’ve worked your hours, switch off your laptop and your brain – try to resist the temptation to keep checking emails all evening, you need a break.
Information security is vital and here are some things to consider:
- Please don’t be complacent about security around information sharing –
- If you are working on anything which may be considered sensitive, make sure you are positioned so no-one else is able to see the screen – including neighbours who may be able to see in a window for example.
- When making phone calls or dialling into conference calls, consider who may be able to hear your conversation and ensure you are somewhere private.
- Do not transfer work from organisation issued laptops to home computers as issued equipment is managed securely and designed for a particular purpose
- Do not leave pads or books with passwords in around the house, keep them stored away as you would in the office
- Ensure you lock your screen every time you leave your laptop and shutdown your laptop properly at the end of the day so no one else in your home can access it
Online security whilst working remotely can sometimes be a little bit relaxed, so follow the below tips in order to improve yours:
- Consider changing your default password on your home router. A google search for “change the default password for a *internet provider* router / home hub” will guide you on the best way to do this.
- General good practice is to power down your home router once a month to ensure that when powered back up they receive important security patches. You can also do this now by switching off then immediately back on again.
- Don’t use personal email addresses or WhatsApp to discuss or send work information.
- Don’t open emails or download attachments from unknown sources
- Ensure you know the contact details for your organisations IT help desk
- If a device is lost or compromised report it to your line manager and IT ASAP
Your mobile phone can harbour more germs than a toilet seat… so here are some phone and equipment hygiene tips:
- Unplug your phone from a power source, turn it off and remove the case
- All the major phone makers warn against using chemicals, hand gels and abrasive wipes as it could damage the screen’s protective coating
- Dampen a microfibre cloth with water and simple household soap
- Gently rub the surfaces of the phone with the damp cloth
- Take care not to get moisture in any of the openings
- Even just using soap and water can effectively remove bacteria and viruses from your phone, heres a quick video showing you how to clean you smart phone safely – www.bbc.co.uk/news/av/technology-51863924/coronavirus-how-to-clean-your-smartphone-safely
Mandate Fraud
Mandate Fraud is one of the most significant financial threats to businesses from cyber criminals. Mandate fraud is when someone gets you to change a direct debit, standing order or bank transfer mandate, by purporting to be an organisation you make regular payments to, for example a business supplier. The criminal will spoof the sender or make it so convincingly accurate that you struggle to tell the fake from the genuine article.

Mandate fraud is fought with cynicism and by challenging any request to change bank account details. This should be done on a number that you trust which is not from the digital communication you are checking.
Find out more at Action Fraud’s A-Z of fraud:
Information being compromised in transit or intercepted by cybercriminals
Solutions:
- Don’t use personal email accounts to send or receive company information. If correctly set up your accounts should continue to work on your device at home and you should have access to your usual files
- Avoid having conversations with colleagues on mediums such as WhatsApp. Only use platforms approved by the organisation
Data Loss
Solutions:
- Keep devices safe. Securely lock them away when not in use and don’t let anyone else in your home use them
- Only take documents home with you if absolutely necessary and approved by your line manager. They will need to be brought back into your organisation to be disposed of once this is over
- Shut down your work devices once you have finished using them. this helps keep information safe if the devices are lost or stolen
- Don’t open emails from unknown sources, download attachments or click on any links unless you are sure they are genuine
Handling Confidential Information
Solutions:
- If you need to answer or make phone or video calls, consider moving to a private room
- If you make a video conference call, be aware of your surroundings and what people will be able to see in the background
- Only access your organisation’s sensitive systems when absolutely necessary, and log-out of them once you have finished if you can
- Ensure that your screen is not being overlooked or visible from outside
- Lock your computer screen whenever you move away from it using:
- Windows: Windows Button + L –or- Ctrl + Alt + Delete
- Mac: Ctrl + Cmd + Q
Information or Device has been lost, stolen or accessed by an unauthorised person
Solution:
- Report this immediately to your line manager, ICT department and Information Security representative
Video Conferencing Securely
The COVID-19 lockdown means many of us are now using video calls to stay in touch with family, friends and work colleagues. If you’re new to video conferencing, this guidance will help you to use these services safely. Even if you’re familiar with video conferencing, we recommend you take a moment to check how you’re using it.
NCSC Guidance on Video Conferencing
There is also some guidance from the National Police Chiefs Council on how to reduce risks when setting up Zoom:

Working from Home – Video Guides
Our colleagues in the City of London Police – Cyber Griffin team – have produced a set of 8 short videos to help you get started with safe working from home. These guides cover:
- Introduction
- Phishing
- Phishing by voice (aka ‘Vishing’)
- Multi-Factor Authentication (2FA / MFA)
- Passwords
- Updates and Anti-Virus
- Social Engineering
- Securing your router
For more information on working safely and securely from home during the Covid-19 pandemic: