Information Security

Secure home working


Today’s blog stems from a source of concern for me at the moment, with my ISO 27001 Information Security hat on, as I’m mindful of the added risks we are all taking by working from home during the Covid-19 pandemic.

As employees leave secure office environments, companies find themselves exposed to potential data breaches which could: impact productivity; damage customer relationships and reputation; and even lead to hefty financial penalties.

Remember ‘CIA’:

  • The need to keep sensitive information confidential.
  • Integrity: The need for information to be an accurate and unchanged representation of the original information.
  • Availability: The need for information to be easy to access and use when needed.

When working from home, consider the following:

  • Using a secure Virtual Private Network (VPN)
  • Regular software and system updates
  • Enabling a firewall
  • Adjusting browser settings
  • Install antivirus software
  • Creating secure passwords – some great methods include: ThreeRandomWords or using the first 3 words of your favourite song, adding other characters or numbers of course. Alternatively, a password management tool such as LastPass can take care of generating secure passwords for you
  • Using two-factor authentication – I was shocked to discover how many of my regularly used websites/apps offer this and I did not have the function switched on…I do now!
  • Locking devices when not in use – even using the keyboard shortcut Windows+L when you go to the bathroom or visit the fridge for the 3rd time in an hour may help install the habit!
  • Be mindful of virtual assistants – devices such as Alexa may pose a threat to information security so should be switched off when confidential information is being discussed
  • Backing up your data

Your business may well have a remote working policy. If you’re an employee, check how you are required to handle company information when working from home. If you’re the boss, now is a great time to refresh people’s memories so send out the policy or mention it during your next communications with your team. This may also cover the acceptable use of devices.


  • Sharing passwords or writing them down – LastPass can help you here too (I promise I’m not a salesperson for them!)
  • Keep a tidy desk space – it’s likely your business has a clear desk policy, so follow that at home too. Additionally, tidying your desk space a couple of times a day is a good excuse to stretch, drink some water or laugh your exhausted partner as they ‘home school’

There are many different online threats to consider, such as phishing and other scams. Always be suspicious of links, whether in an email, social networking site, webpage, pop-up, or an advert. Do not select a link unless you know and trust the source. Checking emails and links for suspicious signs will lower the risk of online threats. Check: sender, subject, content, attachments, links.

The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. They’ve published a basic guide to information security that is easy to communicate to employees, family members, colleagues and friends. Click to view a guide from the National Cyber Security Centre which is useful.

We all lock our doors at night to keep our families safe. We all turn off the lights. Lock away confidential documents and turn off your PC/Laptop too.

Stay safe, stay well.