Skip to main content

Guidance on keeping safe and secure whilst working from home

This guide will help you to keep safe and secure whilst working from home. It includes some simple security tips, both online and offline, that will help to ensure our work and data remains effective and secure.

Page contents

Help us to improve

Your feedback matters and will make a difference. Help us understand your experience of the cyber and data security pages by taking our 5 minute survey. Start the survey.

Working remotely brings opportunities for more flexible ways of working, but it also brings new challenges, and one of them is cyber security. 

Cyber criminals can exploit the weaknesses in our home and remote networks and encourage us to click links to bad websites that will put malware (malicious software) on our computers.

This means we all have a responsibility to adopt cyber safe remote working practices, and to continue to take the security of NHS data and systems seriously from wherever our place of work is.

Here are some simple security tips, both online and offline, that will help to ensure our work and data remains effective and secure:

Online tips
  • be alert to phishing and vishing (telephone equivalent of phishing) scams. Threat actors are well aware that many people work remotely and it presents an opportunity for them to exploit. Seek advice from our security centre at [email protected] for further support if something does not feel right, be it an email, a phone call or a physical approach
  • always keep personal information, such as log in details, to yourself
  • work offline or connect by tethering to your mobile device, rather than using public Wi-Fi. Connect to Wi-Fi later, once at home on a more secure network
  • be suspicious of any emails asking you to check or renew your passwords and login credentials. Try to verify the authenticity of the request through other means, such as calling your ICT helpdesk
  • check if emails look trustworthy before you click links or attachments. If it looks suspicious, click the ‘Report Phishing’ button, or forward it immediately to [email protected] and delete it
  • change the admin/default password on your home broadband router
  • ensure the firmware on your home broadband router is up-to-date
  • make sure you are running all the latest versions of software on all your devices
  • consider password protecting documents that you send to other colleagues
  • don't use your work email address to register on non-work-related websites
  • have a data back-up strategy, and remember to do it: all important files should be backed up regularly
  • be aware of fake text messages. Rather than follow the links, always refer back to a trusted website, such as GOV.UK
Offline tips
  • always keep all your work devices with you when travelling (never leave work laptops or devices in cars)
  • ensure nobody at home, even family members, accesses your devices for personal use, such as internet browsing
  • reduce paper-handling to zero. Try not to print documents and work on them in public spaces. They will be vulnerable to theft or misplacement
  • use a screen protector to prevent shoulder surfing if you are in public spaces or shared accommodation
  • don't write passwords down
  • keep your work telephone conversations discreet. Hold them in a private place, if possible
  • never leave equipment unattended, anywhere. Lock your workstation when away from it at home. It's good behavioural practice and, if you live in shared accommodation, it's obligatory
  • familiarise yourself with your organisation’s incident reporting processes and report any incidents as soon as you're aware of them
  • be cautious with sharing information about your work on social media sites, especially on your personal accounts

Contact us

If something doesn't feel right or if you need security advice, email [email protected] for further support.

Last edited: 14 October 2024 1:06 pm