Information Security guidelines for employees working from Home
By Sudhir G K, Information Security and Management Consultant, Inzinc Consulting India
With the COVID-19 coronavirus pandemic spreading like wildfire across the globe, the world order has changed and businesses have started adapting to new strategies. Among information security related business strategies, one of the foremost is "Work from home". Working from home is not a new strategy altogether. It has been around for quite some time now. Earlier, only a few employees in a few organizations worked from home. But the tables have turned, and almost all employees are now teleworking from home due to business and pandemic-enforced compulsions.
In this situation, one thing that comes to mind is the information security aspect of working from home. As more and more people connect to the network, information security is more challenged now than ever before. Hackers will try to attack our systems and devices more now than before. From the user behaviour perspective, a few Do's and Don'ts are required to preserve information security during these trying times. This blog aims to provide you with basic information security guidelines or tips for working from home in the form of Do's and Don'ts.
Information Security Do’s and Don’ts during “Work from Home”
Do’s of Working from Home
- Do check the patch status of your antivirus and ensure that the latest antivirus patches are applied.
- Do install application patches to ensure that applications are up to date.
- Do take regular backups of your data, preferably on secure cloud storage. The frequency needs to be higher than it was while working from your office.
- Do use Virtual Private Network (VPN) access, since VPNs secure the data in transit and hide the user's IP address and location.
- Do change your password at regular intervals for the systems and applications that you use.
- Do report any unusual malicious activity in your system (with respect to security) to your Incident Management team.
- Do lock your device when you are done for the day or when you take breaks.
- Do think twice before sending sensitive information to anyone.
- Do handle your devices properly, as any damage will lead to problems with project execution.
- Do use messaging services that have end-to-end encryption and that are authorized by your Organization for official use.
- Do make yourself aware of your Organization's security policies and procedures.
Don’ts of Working from Home
- Do not try to log on over an unsecured network. Use the network that has been provided by your Organization.
- Do not install unverified and unauthorized software applications if you have administrative access on your devices.
- Do not use removable media (pen drives or external hard drives) that are not authorized by your Organization.
- Do not click on links on websites that are not secure and that are not authorized.
- Do not rush through checking your emails, since you may click on phishing emails that can provide a gateway for hackers to attack your system.
- Do not answer calls from individuals posing as your colleagues or known people. These people can get your personally identifiable information and/or your Organization's sensitive information through "vishing" calls.
- Do not give away your credit / debit card details to a stranger.
- Do not connect to unknown and unsafe web-conferencing tools for communicating with your Office personnel. Use secure ones provided by the Organization.
- Do not use software and applications for which support has been discontinued by the company that originally developed them.
- Do not use your official laptop for personal use, as your personal file dump may contain viruses, worms and Trojans.
- Do not neglect your health, and stay safe till the pandemic ends. Do exercises and Yoga, drink water, get enough sleep and balance work and life.