Following on from COVID, working from home is now a standard working practice, but how do we go about it in a secure way. In this blog, we aim to provide 10 top tips to enable you to keep important information assets safe and secure whilst working remotely.
1 Keep assets out of sight
Store laptops and other computer equipment out of sight when not being used, this way they won’t become a target. Make sure you do this when transporting them as well, put them in the boot, not on the back seat. And do the same with hardcopy confidential information.
2 Clear ScreenDF
Most organisations have a clear screen policy, part of which requires screens to be locked when you are away from your desk. You should continue to do this when at home too. Predominantly, this is to keep confidential information away from family members, tenants or visitors in your home, but neither do you want the cat to walk across your keyboard undoing all your hard work!
3 Strong Password
If you can use your own computer/device for work purposes, make sure that you have set a password that meets your company’s password policy.
4 Anti Virus
If you are using your own computer/device, also make sure that you have up-to-date anti-malware (anti-virus) software installed and running.
Make sure your computer is fully patched. For most of us, that means checking that Windows updates have been installed.
6 Router and Wi-Fi
Many of us will be connecting to the Internet using a Wi-Fi router. There are a couple of things to check here. First, make sure that the router itself is password protected and that only authorised people know the password. The second is to ensure that the Wi-Fi connection is password protected and is also encrypted. Check the settings on the router. You are looking for WPA-2 to be enabled. This stands for Wi-Fi protected access, and it is enabled by default on most modern routers - but check to be sure.
7 Setting up Virtual Network
For the technical ones among you, consider setting up a separate virtual network within the router that only your work computer is connected to. This will mean that even if other systems/devices in your home have weak security, you will have an extra layer of protection. These other systems/devices include mobile phones, tablets and computer systems that belong to other members of the family. These may not be fully patched and may not have adequate protection from malware.
8 Separate Network
If you have items that have a Wi-Fi connection for the sake of convenience, consider putting these into a separate network as well. We call this the Internet of things (IoT) and it comprises items such as Wi-Fi-connected central heating systems and other home automation products, and maybe even the fridge and the kettle!
If you need to send information from home to somewhere out there on the Internet, consider encrypting the files before you send them or, better still, encrypt your connection end to end by using a VPN for Mac or Windows.
10 Stay informed
This means that you should ensure that you take your information and advice from reputable sources. Unfortunately, the pandemic also presented an opportunity for scammers. Always seek information from primary, trustworthy sources, such as the government’s website or the websites of your bank or major brands. Always type in the address of such websites into your browser if you know it. Never click on a link in an email or social media message.
Help is available from your organisation’s IT, information security or compliance department. Follow their guidance and if you are not sure about something, ask. In this situation, the old adage applies – ‘there is no such thing as a stupid question’.
Having been involved in over 350 successful ISO 27001 certifications, URM is ideally placed to advise you on the essential activities and tasks you will need to carry out in order to maintain and improve your ISO 27001 auditing function and programme
URM can help you get ISO 27001 certification
URM can help you with ISO 27001 audit
When managing the security of your organisation’s information assets, you will need to consider the scope of what you are doing.
Due to the increased use of technologies and the ‘human’ involvement, it is inevitable we are all going to face more and more information security incidents.
ISO 27001 is the International Standard for Information Security Management. It provides organisation with a framework and an approach to protecting assets