National Home Office Security and Safety Week is January 12, 2020, through January 18, 2020. This is a good opportunity to learn what risks affect those working remotely from home, and how those risks are different from working in a corporate environment.
Working from home affords a great amount of freedom. With that freedom, though, comes an increase in responsibility. Additional considerations for securely and safely working from home are many of the aspects that can be taken for granted when working on-site.
Are the computer monitors in view of a window and possibly someone walking by outside? How are physical documents or notes properly destroyed, rather than thrown in the trash and potentially recovered by dumpster divers? Are Wi-Fi networks properly set up with the highest level of security available and a strong password? Are devices patched regularly with updates to protect from security vulnerabilities? Are critical files backed up somewhere safe?
Perhaps the biggest danger is what a remote worker doesn’t know, rather than any malicious intent or willful negligence. To XXX, here are questions remote workers should know, or ask of their Security or I.T. departments to ensure they are setting themselves up for success:
- Are my devices set to update automatically, with no need for interaction from me? If not, and I need to manually apply updates, do I know how to do so and at what intervals? How can I best keep that schedule of updates set to remind me?
- How do I properly dispose of data? This includes electronic data that can’t or shouldn’t be recoverable, as well as physical papers that have sensitive information. What should be retained, and for how long? If any data needs to be retained for regulatory purposes, what is the safest and most secure method of doing so?
- What, if anything, do I need to do for prevention of attacks coming through email? Phishing emails, malicious links, and virus attachments are a prevalent attack vector. Is my corporate email capable of scanning for most/all of these attacks, or do I need anti-virus or anti-malware software that scans email that comes into my computer?
- Am I aware of proper procedures and expectations for working securely while remote? Is there a library or repository of the policies or procedures I can reference when I might need to lookup an answer? Do I know how to find this library easily? Where can I go for help if I can’t find my answers?
Knowing the right questions to ask, of yourself and of your Security department, is critical when working remotely. And understanding the key elements of working remotely with a safe and secure mindset will significantly raise your comfort level – and allow you to focus on the work at hand!