Working from Home tips for Candidates – Security

Protect your personal data (tips from our Partners at


• Take extra care that devices are not lost or misplaced.
• Make sure all devices have necessary updates- including operating systems and software/antivirus updates.
• Ensure your computer, laptop etc. is used in a safe location where you can keep sight of it and minimise who else can view the screen.
• Lock your device if you have to leave it unattended for any reason.
• Make sure your devices are turned off, locked, or stored carefully when not in use.
• Use effective access controls; multi-factor authentication, strong passwords etc.


• Follow any applicable policies in your organisation around the use of email.
• Use work email accounts rather than personal ones for work-related emails. If you have to use personal email make sure contents and attachments are encrypted and avoid using personal or confidential data in subject lines.
• Before sending an email, double check that you are sending it to the correct recipient.
• Covid-19 phishing scams – attackers are taking advantage of the pandemic by sending phishing emails. These can do real harm to your organisation. If you receive such an email, evaluate it and verify email with the sender before interacting with it.

Network Access

• Where possible only use your organisation’s trusted networks and comply with any organisational rules and procedures about network access, login and, data sharing.
• If working without network access, ensure locally stored data is backed up securely.

Paper Records

• Where working remotely with paper records, take steps to ensure their security and confidentiality, such as by keeping them locked in a filing cabinet or drawer when not in use, disposing of them securely (e.g. shredding), and making sure they are not left somewhere they could be misplaced or stolen.
• If you’re dealing with records that contain special categories of personal data, you should take extra care and only remove such records from a secure location where it is strictly necessary. See for more details on special categories of data.
• Where possible, you should keep a written record of which records and files have been taken home, in order to maintain good data access and governance practices.