In this very particular situation, working remotely will be the only possible way to work for many people and a very wise choice for many others. Safety is the absolute priority for the moment. But cybersecurity must not be forgotten if we do not want to add digital chaos to the “physical” one. The following are some basic tips to protect teleworkers and their information during these challenging times.
- Take extra care that devices such as USBs, phones, laptops, or tablets are not lost or misplaced.
- Make sure that each device has the necessary updates, such as operating system updates (like iOS or Android) and software/antivirus updates.
- Ensure that your computer, laptop, or device is used in a safe location, for example where you can keep it in sight and minimise who else can view the screen (particularly if working with sensitive personal data).
- Lock your device if you do have to leave it unattended for any reason.
- Make sure your devices are turned off, locked, or stored carefully when not in use.
- Use effective access controls (such as multi-factor authentication and strong passwords) and, where available, encryption to restrict access to the device and to reduce the risk if a device is stolen or misplaced.
- When a device is lost or stolen, you should take immediate steps to ensure a remote memory wipe, where possible.
- Before sending an email, ensure you are sending it to the correct recipient, particularly for emails involving large amounts of personal data or sensitive personal data.
- Send encrypted emails whenever possible.
Cloud and Network Access
- Where possible, only use your organization’s trusted networks or cloud services, and comply with any organizational rules and procedures about cloud or network access, login, and data sharing.
- If you are working without cloud or network access, ensure any locally stored data is adequately and securely backed up.
- Remote access software (like TeamViewer) should be used very carefully and only by authorized employees. It must always be kept up to date, and only used in case of absolute necessity.
Special for CISO
- Use Mobile Device Management to secure the devices used by the employees.