Many (if not all) cybersecurity companies and authorities are publishing remote working security guidelines. Despite good advice and intentions, in my opinion many are missing the point. At least from the large organization's point of view where employees use company managed devices.
The advice I've seen typically has a mix of several target audiences: IT departments, remote workers in general, remote workers stuck at home and even individuals using personal devices. It may be difficult to figure out what's home worker's responsibility.
Here´s what is special for remote working currently:
- People are working at home - not at cafes, libraries or other public spaces.
- The whole family is working at home, kids included.
- Everyone is worried on bigger issues than cybersecurity: health of their family, job security, money, etc.
- Everyone is extra stressed because of social distancing and lockdowns.
The following advice is given from typical large organization's point of view, where remote workers use company provided devices and software, and have professional IT team supporting them.
Do NOT worry:
Do NOT worry:
- Security of your company provided devices. It´s the responsibility of the IT team to make sure that devices, network connections and access to applications are secure: encrypted hard disk, VPN access to company network, strong authentication, anti-malware software in place and all software up-to-date.
- How the security of your home network may affect remote work. It´s good to change default password of your home wifi access point and check the device configuration in order to protect you home. However, your company devices should be protected regardless of your home network. They are configured to allow access also in random cafes after all.
- Absolute confidentiality of work related matters. In reality there may be several family members at home working around the same kitchen table. Do your best and try to find a private corner for the most confidential discussions, but don't stress too much about it.
What you CAN do to protect work related confidential information and company network:
- Follow the company guidelines. Each company may have some special requirements depending on the work and selected tools. Make sure to follow internal communications and act accordingly.
- Use and protect the company device. Keep your company device to yourself and lock the screen when not in use. Sorry, but you need to get personal devices for your own and your family's leisure use.
- Keep the data at company network or device. Use only your company provided device and file/document storage to store data. If you must handle printed material, make sure to destroy them later in accordance with your company guidelines.
- Keep your passwords to yourself. Nobody - and I mean nobody - should ask and get your password. Not even your trusted IT team or service desk. Do not reuse company password in services which are not work related.
- Think (extra carefully) before you click. Use your common sense when receiving surprising or suspicious emails or other messages. Do not open attachments or links without checking their authenticity. Criminals are busy trying to profit from fear and uncertainty. Phishing and scams are now more common.
- Ask for help. If you are unsure what to do, see something suspicious or accidentally click a phishing link, contact your organization's service desk or IT support. Better safe than sorry.
In these extraordinary times organizations should take as much cybersecurity burden from employees as we can. Following the simple advice above the users are the strong link of security while the other strong link must be your IT which takes care of technical protection.
Note, that if the use of employees' own devices is allowed to access company network and confidential data, then a totally new can of worms is opened. Don't want to go there now. Good luck.
Take care and stay safe!
Note, that if the use of employees' own devices is allowed to access company network and confidential data, then a totally new can of worms is opened. Don't want to go there now. Good luck.
Take care and stay safe!
No comments:
Post a Comment