Home working is now common practice for many people, and the technology that makes it possible means we can just as easily work in public spaces like trains, coffee shops or co-working spots.
While working remotely is undoubtedly appealing, the ease with which we can connect on the move brings some important challenges and considerations. In this article, we’ll look at some of the key threats to be aware of when working remotely, and how you can avoid them.
Eavesdropping attacks
Eavesdropping attacks are social engineering techniques which aim to intercept the information in our communications without being detected. These attacks can come in various guises, from sophisticated technology-based approaches, to more straightforward, opportunistic methods.
The objectives of an eavesdropping attacker may include:
- intercepting information from a competitor, and looking to exploit their plans for competitive advantage;
- collecting intelligence or classified information; and
- gathering compromising material by monitoring conversations and communications.
In a business context, major risks from these attackers include:
- the disclosure of client names and details;
- a breach of client confidentiality;
- regulatory and legal issues; and
- reputational damage.
Things to look out for:
‘Shoulder surfing’ is when someone lurks in your vicinity, trying to see what you’re looking at on your laptop or mobile phone. Particular danger spots include cafés and crowded public transport.
- Consider you location – avoid completely open tables where possible. Having your back to a wall will limit people’s opportunities to view your screen.
- Use privacy screens – these make it hard for people nearby to see your device, but won’t impact the way you work.
People may also simply listen to your conversations. Talking in public about your work can attract the attention of opportunists, and may tip them off about the nature of the work you’re doing – which, in turn, could make your devices or documents targets for theft.
- Remember to take care when making or taking calls in a public setting, where it may be very easy for others to hear your conversations.
Public Wi-Fi attacks
Public Wi-Fi is widely available, making working from a public space a tempting prospect. However, there are various ways criminals can use Wi-Fi to access sensitive information, like your emails, credit card information and passwords.
Things to look out for:
‘Man in the Middle’ attacks are a common threat when using public Wi-Fi. The tactic allows an attacker to position themselves between your device and the internet connection, giving them sight of any data being transmitted.
- A Virtual Private Network (VPN) can keep your information safe by encrypting the data being transmitted – even in a public setting. VPNs are a common and cost-effective solution, and are available from most major tech and cyber service providers. Subscription-based services start from just a few pounds per month.
Fake hotspots and Wi-Fi access points are another problem. They can be created in places where free Wi-Fi might be expected – such as a coffee shop, restaurant, or public transport hub. Attackers then give the hot spot an appropriately convincing name (e.g. “restaurant name Wi-Fi”), tricking victims into using the attacker’s connection, which they can use to view any data being transmitted.
- Businesses offering free Wi-Fi often display details of it on signs or on receipts. Make sure you check this information before using any available Wi-Fi.
- Ask a staff member about their Wi-Fi service, and check the name of the connection to make sure it’s legitimate.
- Setting up your own personal hot spot (e.g. via a mobile phone) can be a cost-effective way to connect a laptop and other devices to the internet, as it’s generally included in any mobile / data plan with your supplier. Just make sure it’s protected by a strong password.
- In all situations, a VPN remains the best option for securing access to the internet outside of a home or business connection – even if you’re using a legitimate Wi-Fi connection or personal hot spot.
Physical attacks
With so many concerns about how attackers can access the connections to our devices, it’s easy to forget about the most straightforward risk to working in public – physical theft.
- Never leave your devices unattended. Even a few moments away from a table or desk gives plenty of time for somebody to pick up your device and make an exit!
- The same care should be taken when handling printed and physical documentation in public – especially business documents that contain confidential information.
- Putting devices away when not in use is an easy way to stop them being noticed by potential thieves.
- Many cafes, restaurants and public gathering spots offer useful security features, such as the ability to attach bags to a table – another useful defence against opportunistic theft.
- Ensure you have strong password protection on all devices, and set up your systems so they automatically lock after a brief period of inactivity. And remember the threat of shoulder surfing when you’re inputting passwords and PINs into your devices.
- If your device is ever lost or stolen, data back-ups such as cloud storage can enable you to access your information from another device.
Key considerations
- Always lock devices when they’re not in use, and ensure they’re protected by strong passwords. Consider using a password manager to create and store your passwords.
- Use two-step or two-factor authentication to stop attackers from accessing your devices – even if they know your passwords.
- Configure your device settings to disable Bluetooth automatic connections, and prevent them from automatically scanning for and connecting to Wi-Fi.
- Be aware of your surroundings. Who can see and hear what you’re working on? Make sure you notice who’s around when you’re speaking on the phone – especially about work-related topics.
- Use a VPN when connecting to public Wi-Fi. There are no guarantees when it comes to using public connections, even when using the genuine offering of a major store or chain.
- Regular security updates are released by software producers to fix vulnerabilities in out-of-date systems, software, and apps. Installing these security updates on your systems and devices is one of the most important steps you can take to protect yourself and your work online.
- Make time to visit the National Cyber Security Centre for advice and guidance on a broad range of cyber and information security issues.
