Security tips for working from home
By Caroline Atkins & Bridget Sullivan• 07 April 2020 • 3 min read
The rapid spread of COVID-19 has resulted in an unprecedented global crisis. Many companies are encouraging, or enforcing, employees to work from home, so as to reduce the impact of the spread of COVID-19. A number of these decisions are being made quickly, with a focus on the health and well-being for all staff members, clients, and the public at large.
This quick response to a rapidly changing situation may leave organisations at risk of security vulnerabilities. Security obligations are not suspended during these times of crisis!
This article sets out some security tips for working from home.
Only take home the essentials
Taking home hard copies of confidential or other sensitive information should be avoided. If it is necessary (and permitted by your security requirements!) to take this information home, ensure it is protected by appropriate safeguards (e.g. in a locked drawer, with yourself as the only keyholder).
This principle should apply to all important documents – ensure any irreplaceable documents (like originals) are kept away from pets, artistic toddlers, and muddy shoes.
Consider who may be around
You may be sharing a space with family members, housemates and cleaners. Consider whether the information you may have lying around could pose a security (or even probity) risk. Are you working on an RFT and your housemate works for a company which may tender for the work? Hide it! And keep sensitive phone calls to a minimum and conducted in private.
Keep your devices close
Avoid leaving your devices in the car or communal areas when you are not using them. Is your housemate throwing an isolation party (with less than 100 people indoors, of course)? Coles delivery man delivering 800 rolls of toilet paper? Keep your devices and documents out of sight and out of reach.
Use approved technology
Some organisations allow their employees to bring their own devices, and connect to the appropriate networks via Citrix (or similar). If this is how you intend to work from home, consider the following principles (these also apply to use of devices provided by your organisation):
- ensure your device has been pre-approved by your organisation and otherwise complies with internal policies;
- avoid saving official documents locally, visiting dodgy websites, and ignoring system updates (as these usually include important security patches);
- ensure that any automatic upload of your content to a personal cloud storage provider is disabled;
- ensure that you use strong passwords (and try to use different passwords where possible);
- avoid sharing your device with family members who may inadvertently access information, or click on a dodgy link;
- avoid printing at home or in public places (sensitive data may be exposed to third parties);
- report any incidents to your IT team ASAP; and
- recognise that your IT help desk may not be familiar with your device, so may encounter issues when things go wrong.
Use your own Wi-Fi
Wi-Fi in public places, or your neighbour’s unsecured network, may include some security vulnerabilities. Use your own secure Wi-Fi if you can, or tether from your mobile’s hot spot.
Considering sharing your #WFH set up on social media? Ensure any sensitive information (including on your screen, hard copy documents, notes, or reflections) is obscured.
Know your policies
Does your workplace have working from home, working away from your desk, or enterprise mobility policies? Know them well, and take the appropriate measures outlined in those policies to ensure you are safe and compliant.
Maddocks has produced guides to a range of legal issues raised by the coronavirus (COVID-19). You can access these guides here.
Commonwealth security snapshot – NSW Cyber Security Standards Harmonisation Taskforce recommendations report
Partner Gavan Mackenzie and senior associate Nick Topfer provide updates on issues related to Commonwealth procurement...
Staying vigilant: A new tool to mitigate against data re-identification risks
By Katherine Armytage & Tara Dhanushkoti & Darcy Gilligan
A newly developed privacy tools to assess the privacy and security risks involved with de-identification datasets.
New year, new contracts – tips and tricks for ICT contracting in 2021
ICT contracting tips and tricks from 2020
An audit of New South Wales local government procurement
By Joshua Same
We provide an overview of the NSW Audit Office performance audit on ‘Procurement Management in Local Government’