Some homework on home working

Following 14 months of lockdowns, the UK is slowly emerging from restrictions however one for many the period has been revelatory for stimulating new levels of productivity and improvements to the ever-elusive work-life balance.


Unfortunately, the same can be said for cyber criminals who have been have taken advantage of businesses and employees that have been largely unaware of the vulnerabilities they have unwittingly opened themselves up to.

A recent YouGov survey of 2,000 UK employees on behalf of information technology and cloud computing company Lomart highlighted how everyday actions we do around the house without even thinking about can pose a cyber security risk.


A quarter of respondents said they let their children use their work device, 74% admitted they used the same password for everything and 48% could access their work email from a personal device. It is perhaps understandable how the lines between work and home may have become less visible but being aware of what could go wrong and taking small steps to reduce the risks can help diminish your and your companies’ chance of being a victim of cybercrime.



Case in point, a cyber breach where a vulnerable 15-year-old child who was able to understand and unpick the compromised security system of the company his mother worked for. How? He had been able to access her login credentials without her knowledge.


This information however only came to light following an investigation carried out by Thames Valley Police where it was discovered the teenager had also repeatedly infiltrated other companies including gaining access to huge amounts of data of a US online company with a global customer base.


Thankfully, the boy had no criminal intentions and was simply at a loose end trying to fill his time and test his technical knowledge. While this is no justification for what happened, it is clear how this could have been very different in the hands of a hardened criminal who makes it their business to sabotage innocent people’s livelihoods.


Education is the key

It could still be a long while before teams are fully back in the office so here are our suggestions to help you as a business owner or leader to keep your co-workers more cyber aware and resilient:

  • Do you know your ransomware from malware? The difference between phishing and vishing? How about getting familiar with the language through our super handy jargon buster?

  • Use a VPN (virtual private network) so that teams can safely access files and emails. A VPN creates an encrypted network connection that authenticates devices and encrypts data in transit between the user and your services. If you are already using one, make sure it is fully patched i.e., it is the most recent version and all updates have been installed.

  • When setting up new accounts or increasing an employee’s access to servers or highly sensitive information, make sure strong passwords are used and two-factor authentication (2FA) is enabled. This is an extra layer of security and when logging in, there will be a code, or a prompt sent via email or text so you can verify who you say are.

  • With family members/housemates around it is easier for things like mobile devices to be accidentally moved, damaged or misplaced. Most devices have built in encryption, which protects data if the device is lost or stolen. Encourage employees to make sure this function is switched on.

  • If you are going to let other people use your device. Make sure they are using an account without administrator privileges. This added layer of protection will block them from accidentally making significant changes or downloading additional software to the device.

  • Do your colleagues know what the protocol is should they suspect that something has gone wrong with a device or they suspect a breach or attack? Do you know how to report a cyber attack?


The South East Cyber Resilience Centre is here to steer you in the right direction for your cyber security needs. Through FREE core membership you can receive all the latest cyber updates, hint, and tips and more. We also have a variety of in-depth payable services that will highlight any vulnerabilities and recommendations for fixes. Join today for peace of mind.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.