MNIT’s cybersecurity experts share nine steps you can take to keep sensitive data safe and protect devices and private data, whether you work in the office, remotely, or both.

1. Physically secure devices at home and in the office.

Ensure that devices and data are stored securely in locked drawers or file cabinets, away from prying fingers and eyes when not in use.

2. Secure devices while in transit.

Physically secure your device in your vehicle, keep it where it is not easily seen, when traveling to or from the office. Vehicles can be susceptible to break-ins, which could result in your devices or data being stolen, and this could lead to a data breach. 

3. Screen-lock devices when you step away from your remote or work office.

An unlocked computer or phone can be easily compromised. To prevent someone from gaining unauthorized access to your device, require a strong password, fingerprint, or facial recognition to unlock and secure devices. Always lock the screen on your laptop or other device when you step away, even at home. 

4. Never leave devices and data unattended in a conference room or public area.

Stepping away from your device for a minute to talk or take a break in a public setting (whether it's a conference room or even your office building) seems harmless, but if devices or information are left unattended, even for just a moment, they can be lost or taken.

5. If you need a badge, bring it to the office, and only use it for yourself.

If you use an employee badge or ID to enter your office, remember to keep it with you, so you can access your secure work area or other secure facilities. Don't let someone follow you into a secure area after you've swiped your badge. They should also swipe their badge to make sure they are allowed to enter.

6. Be aware of anyone without a badge or an escort in a secure area.

If you see someone who doesn’t have a badge in your office and badges are required, or if someone is walking in a secure area unescorted, report it to security or reception desk. 

7. Use a password manager to keep your passwords secure.

Don't write down passwords on a piece of paper; don't save passwords in a Word file on your computer or in your browser; and don't share your passwords. These pose huge security risks. Instead, use a password manager to generate, retrieve, and keep track of your strong passwords. That way you only need to remember one password to access everything.

8. Watch for suspicious emails and phishing attacks.

It's safe for you to open an email to determine if it is legitimate or a phishing attempt. What you do after opening email could pose a security risk.

• Question it. Be suspicious if the email includes common phishing tactics – is it threatening, urgent, offer something at a discount or free, or ask you to share private information such as credit card or bank accounts. 
• Examine it. Look for an external warning banner at the top. Check to see if the sender's name and email address match. 
• Don't immediately respond. Hover your cursor over links and attachments to look at the URL and determine if they are legitimate. 
• Verify it. If you receive an unexpected email – even from someone you know – do not immediately click on links or open attachments. Contact the sender using an alternate method to confirm that they actually sent the email. 
• Report it. If you think it's suspicious or a phishing attempt, report it, and delete it.

Cyber criminals want to steal your information, and phishing attacks can happen at the workplace or at the home office.

9. Connect devices and resources securely.

While working from remotely, always use secure WiFi and your organization's Virtual Private Network (VPN) to connect securely. If you’re on the go, use a mobile hotspot and VPN. At the office, connect directly to your organization's network whenever possible. If you’re in a conference room or other location, connect your phone or laptop to a secure WiFi.