In the aftermath of the COVID pandemic, remote work has become a prevalent and accepted practice. However, ensuring the security of remote work environments, including those with ISO 27001 certification, is crucial. In this blog, our objective is to present ten valuable tips that can assist you in maintaining the safety and security of your vital information assets while working from home.
1 Keep assets out of sight
To minimize the risk of theft, it is advisable to store laptops and other computer equipment out of sight when not in use. By doing so, they are less likely to attract attention and become a target for potential thieves. This practice should also be followed when transporting such devices, ensuring they are placed in the trunk of the vehicle rather than on the back seat. Similarly, hardcopy confidential information should be treated in the same manner, stored securely and kept out of sight when not required.
2 Clear ScreenDF
Most organizations have a well-defined clear screen policy that includes the requirement to lock computer screens when individuals are away from their desks. This policy should also be followed when working from home. By locking your screen, you not only ensure the confidentiality of sensitive information from family members, tenants, or visitors in your home but also prevent any accidental disruptions, such as a mischievous cat walking across your keyboard and undoing your hard work.
3 Strong Password
If you are using your personal computer or device for work-related tasks, it is important to ensure that you have set a password that aligns with your company's password policy. This means selecting a password that meets the security requirements specified by your organization. By doing so, you enhance the protection of your work-related information and maintain compliance with your company's password guidelines.
4 Anti Virus
When utilizing your personal computer or device for work purposes, it is crucial to have up-to-date anti-malware (anti-virus) software installed and running. This software helps protect your device from potential security threats and malicious software that could compromise sensitive work-related information. Ensuring that your anti-malware software is regularly updated enhances your overall cybersecurity and safeguards both your personal and work-related data.
5 Patching
To maintain a secure computing environment, it is essential to ensure that your computer is fully patched. This includes regularly checking for and installing Windows updates, which provide crucial security patches and fixes for known vulnerabilities. By keeping your operating system up to date, you can significantly reduce the risk of exploitation by cyber threats and enhance the overall security of your computer while working remotely.
6 Router and Wi-Fi
When connecting to the Internet through a Wi-Fi router, there are a few important checks to keep in mind. Firstly, ensure that the router itself is password protected, and the password is known only to authorized individuals. This prevents unauthorized access to the router's settings and configuration.
Secondly, it is crucial to ensure that the Wi-Fi connection is both password protected and encrypted. Verify the settings on your router to confirm that WPA-2 (Wi-Fi Protected Access 2) is enabled. WPA-2 is the recommended encryption protocol and is typically enabled by default on modern routers, but it's always a good idea to double-check and confirm this setting for added security.
By implementing these measures, you enhance the security of your Wi-Fi network, reducing the risk of unauthorized access and protecting your data while working remotely.
7 Setting up Virtual Network
For those with technical knowledge, it is advisable to set up a separate virtual network within your router exclusively for your work computer. By doing so, even if other systems or devices in your home have weaker security measures, you add an extra layer of protection to your work environment. This separation is particularly important when considering devices such as mobile phones, tablets, and computers belonging to other family members, which may not have the latest patches or sufficient malware protection.
By isolating your work computer on a dedicated network, you minimize the risk of potential security breaches or malware infections spreading from other devices to your work system. This provides an added level of security and helps ensure the integrity and confidentiality of your work-related activities and data.
8 Separate Network
To enhance the security of your network, it is advisable to create a separate network for devices that fall under the Internet of Things (IoT) category. These are items such as Wi-Fi-connected central heating systems, home automation products, and even appliances like refrigerators and kettles.
By isolating IoT devices on a separate network, you create a clear separation between your work devices and potentially less secure or vulnerable devices. This segregation helps minimize the risk of unauthorized access or attacks on your work-related systems through compromised IoT devices. Additionally, it ensures that any security vulnerabilities in IoT devices do not pose a direct threat to your work environment.
Setting up a separate network for IoT devices provides an additional layer of security and allows you to maintain a secure and reliable work environment while enjoying the convenience of connected home devices.
9 Encryption
When transmitting information from your home to external destinations on the Internet, it is advisable to prioritize encryption for enhanced security. One option is to encrypt the files themselves before sending them. This ensures that even if the files are intercepted during transit, they remain protected and inaccessible to unauthorized individuals.
A more comprehensive approach is to encrypt your entire connection end-to-end by using a Virtual Private Network (VPN) for Mac or Windows. A VPN establishes a secure and encrypted tunnel between your device and the destination server, safeguarding your data from potential eavesdropping or interception by unauthorized parties. By utilizing a VPN, you can ensure the confidentiality and integrity of your transmitted information, regardless of the specific files or data being sent.
Both encrypting files and utilizing a VPN provide valuable layers of security when sharing sensitive information over the Internet, allowing you to maintain data privacy and protect against potential threats.
10 Stay informed
It is crucial to ensure that you obtain information and advice from reliable and reputable sources, especially considering the rise of scams during the pandemic. To obtain accurate and trustworthy information, rely on primary sources such as government websites, your bank's official website, or the websites of well-known brands. It is always recommended to manually type the website addresses into your browser when visiting these sources, rather than clicking on links in emails or social media messages.
If you have any concerns or questions regarding information security or data privacy, seek assistance from your organization's IT, information security, or compliance department. They can provide guidance and support, leveraging the expertise of an ISO 27001 consultant, to help you navigate potential risks and ensure that you are following best practices. Remember, there is no such thing as a stupid question when it comes to safeguarding your data and security. It is better to seek clarification and ask for help when needed to maintain a secure working environment.