Security advice when working from home
Maintaining cyber security is essential for ensuring that day-to-day council services are kept up and running.
Although the council has technical controls in place to protect our IT network, sensitive information or data may be unintentionally leaked. As we are increasingly working online, with more agile and collaborative styles of working, this can pose a number of security risks to the council’s data. It’s therefore more important than ever that we help to manage these risks, particularly those relating to remote working or a working from home environment.
Council devices like laptops and mobile phones used for working outside the office environment are more likely to be damaged or stolen, leading to greater data security risks. The following advice can help limit this risk, whilst you’re working and also when you’re storing shut down devices and paper based documents at the end of the working day:
- Screen lock - always lock your screen when leaving your laptop or other devices unattended, particularly if you share a household with others. When working you should ensure that those without authorisation to see and use the information are not able to access it via your device. At the end of the day you must shut down the laptop, as this is more secure than ‘sleep mode’.
- Storing devices and confidential documents - when not in use, devices should be stored out of sight in a secure place along with any confidential documents.
- Software updates – to keep the software on your devices up to date, updates are regularly ‘pushed’ to apply them to devices automatically - to enable this process, you must open your devices using the ‘restart’ option as set out in the guidance.
- Reporting a security incident – you must report lost or stolen devices, a leaked password, unauthorised information disclosure or any other security related issue as soon as possible.
- Remember your password - as your computer stores and provides access to a lot of sensitive and important data, it is important that you can access and keep your account safe, with a password that you can easily remember. Forgotten passwords cannot be reset remotely by the IT&D Service Desk whilst you are working from home.
Avoid oversharing your screen during online meetings
- Screen sharing - for data privacy and security purposes, you must always be cautious when sharing your screen during online meetings. Do not leave any screens open that could be viewed by those who are not authorised to access that information.
- Using a webcam - when using your webcam you need to be aware of your background to avoid accidentally sharing too much about your home or your family members. To help address this, Microsoft Teams has an feature to blur your background or insert an entirely different background image, though this needs to be appropriate to the audience.
Do not share personal information in emails, phone, texts or via social media
Scams and Phishing are types of cyber crime that often rely on psychological methods to mislead you into revealing valuable information without you realising and can be made via phone, text message, email, social media etc.
With these types of security risk the last line of defence is you, so it’s important that you check that the request is genuine before sharing any personal information about yourself, colleagues or customers. Sharing pictures via social media from your work device also poses a security risk so it’s vital that we always ‘think before we click’ and if it doesn’t seem right, stop and report it immediately to email@example.com.
More important information and guidance on scams and other Cyber Security risks can be found online.