Remote work from a cafe or other public space brings privacy, security risks

Working from a cafe, a co-working space, a hotel lobby or an airport lounge has become routine for many remote workers, the Associated Press noted in its “One Tech Tip” column. But the same convenience can expose laptops, phones and account logins to privacy and cybersecurity threats, the column said, citing guidance from the British government and the U.S. National Security Agency.

The column urged remote workers to start by checking the “rulebook” from their employer. It said hybrid or fully remote work is common, but companies and organizations often publish internal guidance for staff working in public and may provide privacy and confidentiality training. It also said some employers discourage working in crowded public places such as coffee shops because of data privacy risks, and it pointed to travel-related rules that can restrict where employees work.

On the British-government side, the guidance quoted in the column warned that additional access risk exists for sensitive information. The British government said: “These environments can present additional risks, including being more freely accessible to people without the appropriate clearance and need-to-know.”

For the physical privacy risk of being watched, the column advised workers to reduce what others can see on their screens. It recommended finding a more secluded spot, such as sitting in a way that makes it harder for others to view what’s on the display, and it suggested positioning a laptop so it is harder for someone to “shoulder surf,” including by sitting with the user’s back to a wall. It also recommended using a screen privacy filter, described as a thin film with tiny louvres designed to prevent viewing from an angle.

When it comes to the wireless connection itself, the column warned that using public Wi-Fi can be a high-risk choice. It said cybersecurity experts advise against connecting to a public Wi-Fi network that doesn’t require a password, because data sent over such networks can be vulnerable to theft or manipulation, citing the National Security Agency. The column added that requiring a password does not guarantee encryption, saying the NSA warns about that in a cybersecurity tip sheet.

The column also addressed a specific threat scenario tied to Wi-Fi networks: the creation of fake access points. It quoted the NSA warning that: “A malicious actor can set up a fake access point, also known as an evil twin, to mimic the nearby expected public Wi-Fi, resulting in that actor having access to all data sent over the network.”

To reduce those risks, the column recommended using a mobile hotspot instead of public Wi-Fi, describing hotspots as more secure because they use a cellphone signal to create a small private wireless network. It also said users can then layer on additional protection by using a VPN—software that encrypts data traffic and routes it through private tunnels to secure servers—adding that companies often provide VPNs for staff but that individuals can sign up if they do not.

Finally, the column said “obvious measures” still matter in public spaces. It warned to beware of surroundings when using laptops in plain sight, and it advised taking devices with you if you need to step away. It also cautioned against private conversations in public, saying workers cannot be sure whether people in the area—or “smart listening devices”—are overhearing. The guidance quoted the British government again, which warned: “In public areas be aware of whether you can be overheard by any unauthorized individuals, such as members of the public, or smart listening devices.”

The “One Tech Tip” column ended by inviting readers to suggest future tech topics by email.