Published: 27 March 2020

Cyber safety advice on working from home

Written by cybersecurity expert, Professor Alan Woodward.

As we deal with the COVID-19 crisis our attention is quite rightly focussed on keeping our friends, family and wider community safe from the disease.  Sadly, it is precisely when our attention is elsewhere that cybercriminals strike.  Here are simple tips on how you can stay safe if you are working remotely.


Some of this may be familiar -- but remember, you may need to translate them for an unfamiliar context: for example, if you are using home equipment and connections where you would normally be using those supplied and maintained by your place of work.

Update your software

You need to ensure that your device is running the latest software: this includes phones, tablets and PCs.  This applies to both the operating system and any applications, such as Microsoft Office.  Ideally have your system set to update automatically so that any unexpected security updates will be applied.  

Also make sure you have an up-to-date anti-virus checker on your system. This could be Windows Defender, which is built into Windows 10, but in some cases these need to be updated daily as the threats do evolve rapidly.

Beware of phishing

Remember that over 90 per cent of all attacks begin with some form of phishing, such as an email that pretends to be something it’s not and draws you into either visiting a boobytrapped link or opening a document that contains malware.  Many organisations have safeguards in place to prevent you inadvertently opening documents and activating the macros that can initiate an attack, but this is most likely not the case in most people’s homes.

With so many ways of communicating, phishing now comes in many forms.  It can arrive via text, WhatsApp or other instant messengers or even via video calls (phishing, smishing and vishing).  With all such communications, practice your ABCs: Assume nothing, Believe no one, and Check everything.  And don’t forget D: if in doubt, just Delete it.

The watering hole

In times such as these we are all naturally hungry for information.  Cybercriminals prey on this with what are called ‘watering hole’ attacks.  They set up a website purporting to supply vital information, only to find ways of infecting your device should you visit.  The addresses of these sites often circulate on social media.  In the same way you should not trust links in phishing emails, you should not assume any links circulating are anything other than a watering hole attack, even if it appears to point to a well-known site.  It is much better to visit a site directly and check out the information you seek. Extra caution in these unprecedented times will help prevent criminals making an already bad situation even worse.

For further details on how to stay safe online please visit the National Cyber Security Centre where you will find advice and guidance on a range of cyber security issues:





Share what you've read?