Security tips for working from home
By Caroline Atkins & Bridget Sullivan • 07 April 2020 • 3 min read
The rapid spread of COVID-19 has resulted in an unprecedented global crisis. Many companies are encouraging, or requiring, employees to work from home to reduce the impact of the spread of COVID-19. A number of these decisions are being made quickly, with a focus on the health and well-being of all staff members, clients, and the public at large.
This quick response to a rapidly changing situation may leave organisations at risk of security vulnerabilities. Security obligations are not suspended during these times of crisis!
This article sets out some security tips for working from home.
Only take home the essentials
Taking home hard copies of confidential or other sensitive information should be avoided. If it is necessary (and permitted by your security requirements!) to take this information home, ensure it is protected by appropriate safeguards (e.g. in a locked drawer, with yourself as the only keyholder).
This principle should apply to all important documents – ensure any irreplaceable documents (like originals) are kept away from pets, artistic toddlers, and muddy shoes.
Consider who may be around
You may be sharing a space with family members, housemates and cleaners. Consider whether the information you may have lying around could pose a security (or even probity) risk. Are you working on an RFT and your housemate works for a company which may tender for the work? Hide it! Keep sensitive phone calls to a minimum, and conduct them in private.
Keep your devices close
Avoid leaving your devices in the car or communal areas when you are not using them. Is your housemate throwing an isolation party (with fewer than 100 people indoors, of course)? Is the Coles delivery man delivering 800 rolls of toilet paper? Keep your devices and documents out of sight and out of reach.
Use approved technology
Some organisations allow their employees to bring their own devices, and connect to the appropriate networks via Citrix (or similar). If this is how you intend to work from home, consider the following principles (these also apply to use of devices provided by your organisation):
- ensure your device has been pre-approved by your organisation and otherwise complies with internal policies;
- avoid saving official documents locally, visiting dodgy websites, and ignoring system updates (as these usually include important security patches);
- ensure that any automatic upload of your content to a personal cloud storage provider is disabled;
- ensure that you use strong passwords (and try to use different passwords where possible);
- avoid sharing your device with family members who may inadvertently access information, or click on a dodgy link;
- avoid printing at home or in public places (sensitive data may be exposed to third parties);
- report any incidents to your IT team ASAP; and
- recognise that your IT help desk may not be familiar with your device, so may encounter issues when things go wrong.
Use your own Wi-Fi
Wi-Fi in public places, or your neighbour’s unsecured network, may expose you to security vulnerabilities. Use your own secure Wi-Fi if you can, or tether from your mobile’s hotspot.
Considering sharing your #WFH set up on social media? Ensure any sensitive information (including on your screen, hard copy documents, notes, or reflections) is obscured.
Know your policies
Does your workplace have working from home, working away from your desk, or enterprise mobility policies? Know them well, and take the appropriate measures outlined in those policies to ensure you are safe and compliant.
Maddocks has produced guides to a range of legal issues raised by the coronavirus (COVID-19). You can access these guides here.