Book a Demo
Demo Centre
Get The Guide

How To Transform Your Users Into A Cyber Security Asset

Start driving employee behaviour change with your free guide.

Get The Guide

Emma Woods

How To Stay Safe Online When Working Remotely

Working away from the office is fast becoming the norm for many businesses, and there’s tonnes of benefits for employees. But, like anything in the cyber world, there’s some considerable risks you and your colleagues should be looking out for.

Untitled design-1 

Over the past decade, the number of employees working remotely has shot up by a fifth, and the trend is set to grow further and further. After all, employees no longer need to be lumbered behind the same desk for 40 hours a week. But where productivity, convenience and moral gain, cyber security is hampered.

So, if you’re thinking about launching a work from home initiative, or whether you’ve already introduced it on any level, here are some of our security tips for your end-users to live by.


Keep your passwords to yourself

You wouldn’t type in your ATM pin for all the world to see, so why should you treat your password any different? With a growing trend of “shoulder surfing” (spying on someone's device to obtain login credentials/ company data - often in a public area such as a train), employees need to take extra care when using devices in busy areas.

It may sound like common sense, but covering your screen is the easiest way to stop shoulder surfers from stealing your credentials and accessing your accounts.


Here are a few tips to keep your password safe:

  • Change your password regularly

  • Never re-use the same password

  • Avoid using any personal information in your passwords

  • Never share your password with anyone



Ensure up-to-date security protection is in place

It's very common for employees to use their personal devices instead of the ones supplied for them by the business. When employees use their own devices, they could potentially cause harm to the business by allowing corporate data to be stored on a less secured computer.

Devices that are used for work by the organisation should be properly protected with antivirus, web filtering, firewalls, and other preventative software. If employees are using their own personal devices for remote working, they should ensure their security protection is up-to-date. Read this great blog on data security tips by



Be cautious when using public wifi

Untitled design-2

The problem with public Wi-Fi is that there are a tremendous number of risks. Man-in-the-middle, snooping and sniffing, un-encrypted networks and malware distributions are just some of the ways that cyber criminals can attack.

Make sure that your users know to disable file sharing, log out of accounts when finished with them, and only visit sites using HTTPS.



Look out for fraudulent emails

When working away from the office, employees will naturally turn to email when communicating with colleagues, making it even more important for them to be able to spot fraudulent messages. It’s vital for end-users to not only be able to spot a phishing email, but to also know what information they shouldn’t send through email.

Raising awareness around phishing emails and email best practice are great ways of mitigating these threats, as well as policies around what information should not be involved in this method of correspondence.


"Only 3% of users report phishing emails to their management"



Be careful when using public computers

A vast majority of people will use their own laptop for remote working. On the odd occasion, an employee may need to use a public computer, like in a business suite in an airport. Employees should be made aware of the security issues when using public computers.

They should not be used for any sensitive information or private browsing. After using a public computer, your browsing history should always be deleted as well as any downloads that have been made.


Safe use of removable devices

One of the biggest freebies you’re likely to come across at any business event or conference is the seemingly harmless USB stick. Most end-users will plug these in without a second thought, unbeknown that these little devices can contain harmful malware

That being said, the more likely scenario will be for an employee to stumble across a ‘lost’ USB outside of work, with intrigue causing them to plug the device into their personal or corporate computer. This is a known tactic that cyber criminals use to install harmful software onto computers and devices, often resulting in stolen data or ransom payments.

Employees need to know that any USB found outside of work should be left well alone, or any found inside of work should be handed to the IT department to check over.

Want to raise employee security awareness around these issues? Take a look at our automated security awareness training platform for free. No card details needed, just instant access.



Use a VPN when you are working remotely 

Man sitting down working on his laptop

 One very simple way to keep your data safe when your working remotely, especially in a public place, is it to use a VPN. Any unprotected internet connection is a risk, a VPN encrypts data so any malicious outsiders can’t see what your doing online.

As well as protecting your data whilst working remotely, a VPN will alter your IP address. This makes it seem like you are using your device elsewhere. Depending on your needs you can either use a VPN from your workplace or host one out of your house. 

If you choose to work remotely in a cafe or a shopping centre you should use VPN to protect your activity. It is very easy for a hacker to gain access to a public network, simply because they are not secure. Hacker's use public WiFi networks to monitor your browsing activity and steal your account login information.

 GDPR & information security awareness posters


Enable 2-factor authentication on your device- not just when your working remotely.

It’s pretty obvious now that passwords are no longer the best form of security to prevent criminals from gaining access to data. After all most people don’t ever change their passwords, or even use strong passwords in the first place.

 2-factor authentication is a password and another form of security, this could be anything such as:

  • A retina scan

  • Thumbprint

  • Pin number

  • Security question

  • Text verification code 

There are numerous forms of security to choose from, an even more powerful method of security is Multi factor authentication, this is usually 3-4 different types of security, with one of them being your password.


"73% of online accounts are guarded by duplicate passwords"


Install updates

When employees work remotely more often that not they will use public WiFi which isn’t always secure, this increases the chances of security risks entering the network and accessing your data. This is why it’s crucial to keep software up to date. Yes, software updates can be time consuming to update, even though it’s not the most entertaining thing to be doing with your time, it is probably one of the most important things to do to prevent your data from being stolen. 


Installing updates will reduce the chances of any security risks and fix and bugs and system crashes. Every piece of software has system its own flaws, as manufacturers make uncover security flaws and bugs, they release updates. Updating your software regularly ensures that your device is using the most current and bug free software.


Close up of coding on a computer



Remote working is the new trend for workplaces, for employers and their employees their is the constant worry of data loss. Don't worry there are many different ways to mitigate the risks. Simply using the tips above could help you and your employees to keep their data safe when they work remotely. Here is the list of the security tips to follow:

  • Keep your passwords to yourself

  • Ensure up to data security protection

  • Be cautious when using public WIFI

  • Look out for fraudulent emails

  • Be careful using public computers

  • Safe use of removable devices

  • Use a VPN

  • Enable 2-factor authentication

  • Install any updates

Social Engineering awareness kit