Expert advice on remote working from BSI's Cyber Security and Information Resilience team
As more and more businesses start to implement remote working practices, BSI's Cyber Security and Information Resilience team has issued expert advice to businesses and workers as to how to best prepare for working away from their offices efficiently and securely. While different businesses across the UK will have different policies and protocols, the top 10 tips below covers everything from protecting confidential business information and using Wi-Fi to effective working patterns and environments while at home.
1. Preparing for travel – What should I do when I leave the office?
Make sure you have your IT department's contact details as you may need their support during the days ahead. If you are asked to take your laptop, business equipment and business information, take care when travelling and remember personal security. Criminals are opportunistic and if they see something lying in the back of the car, for example, it could be stolen.
2. Business information – what should I do if I have confidential business information?
Always keep it secure and have it in your possession and never out of eyesight. If you are taking a break or leaving the documentation, stow it in a safe environment. Remember, business information will need to remain confidential even if stored in your home.
3. Using home Wi-Fi – I’ve never connected my work laptop or device to my home Wi-Fi?
If you have been asked to connect to your home Internet, make sure that your Wi-Fi connection is secure and password enabled so you can control who connects to it. If you have any doubts contact your IT team and they can confirm. For public and unsecured Wi-Fi, the best advice is either to avoid connecting with them and tether using your phone or use a VPN to secure the connection.
4. Use your VPN – what is a VPN and how do I connect to it?
A VPN is a Virtual Private Network that most businesses use to allow you to create a secure connection to the network over the Internet. Most companies have a policy on VPN usage and how to connect to it – usually a password enabled or token system. Ask your IT department for more information.
5. Phishing – what is phishing and why do I need to be careful?
Phishing is a fraudulent practice where scammers or cybercriminals send emails that look like they are reputable and trustworthy sources in order to entice individuals to reveal personal information, such as passwords and credit card numbers. It is one of the largest causes of cybercrime and all users - both in work and at home - need to be on the lookout especially at this time. If you do see any email that looks to be from an untrustworthy source, report it to your IT department and follow their advice. If you happen to click a link or download one, contact your IT department immediately as it will have protocols in place to remediate or solve the issue.
6. Mobile phone and device security – is my mobile phone safe?
Maybe not. We are seeing an increase in incoming calls from numbers that you may not recognize or calls from “unknown numbers”. It is best not to answer the unknown numbers and use caution when answering unrecognized numbers.
7. Backups – what is a back-up and what do I need to do?
A backup, or data backup, is a copy of computer data taken and stored elsewhere. It can be used to restore the original data after an event or preparing for a potential data leak event. Talk to your IT department about what data you need to backup, how to back it up and what equipment you need to do it.
8. Conference calling and internal communication – what are they and why use them?
Your company may be able to provide you with calling capabilities through a different application than the one you use in your normal work environment. Check in with teammates using your company conferencing equipment like WebEx, Microsoft Teams and Zoom. Keep up to date with company policies and internal communications. For client engagement, also ensure that your clients either have this equipment or can download and access it in line with their own company policies
9. Working patterns – how can I maintain my normal working habits?
Keep your good working habits. For those who are not accustomed to working from home, the prospect can be difficult to adapt to, particularly for extended periods of time. Apply as many of your normal office routines as possible such as waking up time, start and finish times, coffee breaks, lunch breaks, meetings and client interactions, even when conducted remotely. The more in sequence with normal office practices you are, the easier the remote working process becomes.
10. Working environment – what is the best working environment for me?
Where you can, establish a comfortable working environment. Ergonomics are as important at home as they are in the office. Think about the equipment, data and information you will now have in the home and how you need to protect it from unintended sight or use. Also consider your company policies around disposal of data and information.
Stephen Bowes, Global Practice Director, Information & Security Technologies, BSI Consulting Services, said: "There are multiple benefits to both organizations and their employees with a robust remote working model. Employee performance, recruitment, retention and job satisfaction increase whilst organizations costs decrease. Moreover, ready or not, organizations need to plan for the inevitable and the unforeseen by implementing the requirements for a remote workforce. Seize the opportunity today to bolster your physical and digital security protocols, information resilience and business continuity plans, by preparing for the currently evolving and distributed workplace and meeting employee needs.”