The BBC recently featured an article querying whether commuters should be paid for the extra work they complete whilst travelling.
Whilst we applaud people’s dedication to their jobs, from an IT security perspective, they are posing a risk to their company by working outside of the secure office environment.
If you’re using an un-secure connection to visit websites that don’t have an SSL certificate (meaning their website is read as ‘not secure’ by your web browser), it could result in your login details being intercepted using packet sniffing.
What is Packet sniffing?
Packet sniffing is a network attack strategy that allows someone to capture data passing along the network, in this case the train Wi-fi, to steal passwords or sensitive information, particularly if it is unencrypted. This will then give them access to the insecure website you had just visited and be able to log in using correct credentials.
How can you prevent this?
We recommend you either use your mobile data or to VPN into your secure network, if possible, and avoid any websites that state they are “not secure”.
Some other things to consider
If you or an employee have customer data on your screen or a document that was visible to the public, you could be breaching the General Data Protection Regulation (GDPR). Don’t get sensitive documents out in public places, it really isn’t worth the risk. If you do need this information on your screen – privacy screens are a good way to stop those around you from seeing what you are working on.
If you are concerned about these issues, don’t rush to stop your employees from doing work outside of the office. ‘Clamping down’ on commute working, or flexible out-of-the-office working can be damaging to staff morale and suggests that you don’t appreciate their extra efforts. It is possible to work on a train, or in a coffee shop and still be savvy about your IT security. Educate your staff, have some robust IT policies in place and chances are, they will thank you for empowering them to work in a safe and secure way.
Wondering where to start?
Speak to us about your IT policies and staff training. Our approach to IT security is holistic and covers everything from sending emails from a mobile phone, to setting passwords on laptops. We understand the risks, so we can protect you and every aspect of your business from them.