Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

Guidance on keeping safe and secure whilst working from home

As we adapt to modified ways of working we need to ensure we continue to take the security of our data and systems seriously.  You may have seen from recent media reports that cyber criminals are preying on fears of the Coronavirus (COVID- 19) and sending 'phishing' emails that try and trick users into clicking on a link to a bad website (which could download malware onto their computer or steal passwords).

The layers of security we rely on in the workplace are naturally reduced when working remotely; and there are some simple security tips both online and offline that will help ensure our work and data remains effective and secure.

Online tips
  • be alert to COVID-19 phishing and vishing (telephone equivalent of phishing) scams.  Threat actors are well aware that people are being asked to work remotely and it presents an opportunity for them to exploit.  If in doubt, seek advice from colleagues or the corporate security team if something does not feel right, be it an email, a phone call or a physical approach
  • don't use public WiFi, either work offline and connect later once at home on a more secure network or connect by tethering to your mobile device
  • be suspicious of any emails asking you to check or renew your passwords and login credentials. Try to verify the authenticity of the request through other means e.g. call the ICT helpdesk
  • don't click on suspicious links or open any suspicious attachments
  • change the admin/default password on your home broadband router,
  • ensure the firmware on your home broadband router is up to date
  • make sure you are running all the latest versions of software on all your devices
  • consider password protecting documents that you send across the internet to other colleagues
  • don't use your work email address to register on non-work-related websites
  • have a data back-up strategy, and remember to do it: All important files should be backed up regularly. 
Offline tips
  • always keep all your work devices with you when travelling (never leave work laptops or devices in cars)
  • never allow anyone else such as family members to access your devices for personal use such as internet browsing  
  • reduce paper-handling to zero.  Try not to print documents and work on them in public spaces.  They will be vulnerable to theft or misplacement 
  • use a screen protector to prevent shoulder surfing if you are in public spaces or shared accommodation
  • don't write passwords down
  • keep your work telephone conversations discreet.  Hold them in a private place if possible
  • never leave equipment unattended, anywhere.  Lock your workstation when away from it at home.  It's good behavioural practice and, if you live in shared accommodation, obligatory. 
  • Familiarise yourself with your organisation’s incident reporting processes and report any incidents as soon as you become aware of them.

Contact us

If something doesn't feel right or if you need security advice, please contact your own security team or email the NHS Digital Data Security Centre at [email protected] for further support.

Further information

internal Staying cyber fit

With millions of us working from home due to the COVID-19, the cyber security risks are high. We've created a guide to help you to stay cyber fit when working at home.

Last edited: 24 November 2022 1:50 pm