As you know, working from home has become a necessity for many organisations. However, this new reality presents unique challenges for many companies and their information security as remote work environments don’t usually hold the same safeguards as an office.
Therefore, additional security policies are needed and should be made very clear to the remote workforce.
Ricardo Deiana, Director of our sponsor, Infonet Solutions, has provided us with a summarised guide of policy guidelines they think should be followed when you or your employees are outside the office. Feel free to contact us to know more about the security of you and your company’s data.
- Try to avoid public Wi-Fi by using a personal hotspot. If you happen to work from a public network such as a cafe or airport, remember that other people connected to the same network could attempt to steal or monitor your data traffic for malicious purposes. The best way to minimise this risk is by using a personal hotspot, maybe through your phone or a dedicated device, so no intruders can be in your network.
- Encrypt your connection by using a VPN or encrypted remote connection. Your data traffic flowing through the public internet can be intercepted and stolen or modified while in transit, putting your company’s data at serious risk. Using a VPN connection, or even better an encrypted remote connection to your company’s data and services can mitigate this risk.
- Keep work data on work devices or use cloud services to access and work on work data. Your personal devices are out of the control of your company’s IT department. These might not have the necessary security policies and countermeasures exposing your company’s data and sensitive information to many risks. Always use company devices or reliable (and approved by your company) cloud services to store and work on sensitive information.
- Encrypt sensitive data stored in your devices and on emails. Emails can be intercepted and devices can be stolen compromising the company’s data and information. Encrypting the data cannot prevent these from being stolen but can avoid the spread of your company’s sensitive information.
- Block the sightlines and never leave your devices unattended. A malicious person could easily and quickly identify confidential information or compromise your devices while unattended. Simply make sure you know what and who is around you and never leave your devices unattended.
- Keep company devices with you at all times or lock them. Portable devices can be easily stolen so taking physical precautions like locking them somewhere safe or keeping them with you at all times is a must when dealing with a company’s assets.
- Don’t use unknown removable drives. Dropping a removable drive near a company premise is a classic technique for hackers to gain access to the company’s data. Never trust random, removable drives even if they come from a colleague or friend as they might not know where it’s come from or who previously used them.
- Use a USB data blocker when charging your phone or tablet at a public charging station. Make sure your device will only allow charging and does not accept any data exchange while connected to an unknown USB port.
“While good technologies and policies can definitely help, the truth is that the employees represent the primary information security risk. General work from home and remote work policies on computer and internet use can easily be enforced with both technical and administrative controls by CISOs and IT managers, but the most important thing remains to train and create awareness within the employees.”
To dig deeper into this very actual and broad topic, feel free to contact our sponsor and security specialist, Infonet Solutions, from the contact form below.
To know more about Infonet Solutions, its history, and services, visit their website here.