Information security when working in a home office

When working from home, the rules of information security still apply. This includes the clear desk and clear screen rule, as well as secure calls and network connections.
We have an e-learning and information sheet for you about the home office. In connection with the current situation, we have also put together a special offer.

Read more in our news article «The current situation challenges us all».

In the current situation, many companies have had to send their employees to their home office. However, rules about information security must be observed here too. In this article we explain what you should pay attention to in your home office.

We at TreeSolution have always worked in our home offices and therefore we are also familiar with the processes and security aspects. The current situation is not new for us, but it is for many other companies and employees. Above all, the current situation with COVID-19 meant that many companies had to switch to a new work model very quickly, which was not always easy for the companies and their employees. In order to make the situation regarding home office and the associated challenges for information security easier for you, we have put together some tips on what you should pay attention to when changing over.

Working from home with your notebook, making business calls and video conferences, editing business documents - today's technology has made it possible to access and communicate company information from almost anywhere. However, certain rules must be followed.

The challenges of the home office


If these principles are not respected, there is a risk that confidential information will be stolen, copied or tampered with. There is also the risk that your computer will be tampered with to give unauthorized persons unrestricted access to all your data and to our network.

The same rules apply when working at home as when working in the office. However, some aspects deserve additional attention. Roughly speaking, they are the handling of company-internal data, and secure internet and network connections, as well as the handling of mobile devices and storage media.

If you are working in your home office for the first time, you must first find a place where you can work undisturbed. This can be a challenge, especially when you have children at home. Ideally, you have an office at home in which you can be alone, and a lockable cupboard in it where you can securely store your company equipment and documents. In addition, your internet connection should be protected with a suitable password to prevent third-party access.

Keep in mind that when working at home, conversations can also be heard by family members or others, your screen and documents can be read or stolen, and confidential documents can end up in household trash or as unsecured wastepaper. In addition, Internet and Bluetooth connections can be intercepted and manipulated by third parties to gain access to data, whether yours or that of your company. Mobile devices and storage media can easily be lost at home. Your child might play with them and hide them. They can also be stolen. If third-party data storage devices are connected to the company device, they can infect the company network with malware or be infected by malware themselves.

Which information security aspects must be considered?

For information security at home, there are a few basic principles that should be followed:

At work


Always keep your workplace neat and tidy. Clear desk and clear screen rules should also be followed at home. This means that all company documents should be kept in a lockable cupboard after use and only be placed on your desk or table if they are needed immediately. Your screen must be locked when you are away from the workplace, even if only briefly. After all, your child might sit down at your computer when you are not watching and delete information or download something inappropriate. Or your home helper might see information that is internal to the company and should not be made public.

Any company documents that you have taken with you or printed should be shredded or disposed of in an appropriate container in the company. If they are to be disposed of in the office, keep the documents in a lockable cabinet until that time, so that unauthorized persons cannot steal them.

Tip:

  • Close all company documents after work and when you are away from your work.
  • Shut down your PC after work and lock the screen when you leave your workplace.
  • Minimizing all windows so that information is not directly visible is not enough.
  • Align your workplace so that you sit with your back against a wall and install a privacy filter if necessary, so that nobody can look at your screen. Simply setting the screen to be dark is not enough.

Conversations


When you are on the phone or having a video conference, make sure that no one else, including your family, can listen in. This applies particularly to confidential and secret company information. If such information becomes public, it can cause considerable damage. In other words, keep the window and door closed at such moments and stay inside for the conversation. Even if the weather is nice and warm and you are tempted to work on your balcony, stay inside. In addition, in case someone is listening, you should not mention real names of people and projects during conversations but use codes instead so that identities are protected.


Examples:

Topics that can be discussed outside of the company:

  • Employee magazine
  • Published interview with the CEO

Topics that should not be discussed outside the company or only with appropriate precautionary measures:

  • Framework agreements with suppliers
  • Content of team meetings
  • Job references
  • Customer contracts with special conditions
  • Strategic plans of the company

Secure internet and network connections


As we have already mentioned, you must secure your internet connection with a good password. Also, be sure that you only access the Internet using your own Wi-Fi access or your mobile phone. Configure a password on your personal hotspot on your cell phone so that unauthorized persons cannot surf the net or steal your data. Other networks such as freely accessible but unknown Internet connections or a neighbor's network should not be selected, as these may not be secure.

A VPN or Citrix (or similar) connection should always be used to access the company network. Check with your manager or the company's IT service desk to find out which service you should use to access company data.

Make sure that Bluetooth or other connections are password-protected or that their use must be explicitly confirmed. Settings made by the IT service desk on a company device should not be changed as this represents a security risk. After your work has been done, all wireless connection options (Internet, Bluetooth, etc.) should be switched off to prevent unauthorized access.

Install an anti-virus program on your private notebook or PC.


Tip:

  • Only access the Internet and the company network with the company notebook or private devices via VPN, Citrix or other secure remote access services.
  • Use only private, password-protected Wi-Fi or your own cell phone hotspot.
  • Do not change the network settings on the company device.
  • Switch off communication connections (WLAN, Bluetooth, infrared, etc.) when not in use.

Use of mobile devices and storage media


Save only as much company data as necessary locally on the device used for work and only store the data temporarily. For security reasons, all company data should only be stored on the company server if possible. If you need to edit confidential or secret data, do not save the data on an external data carrier or locally on the device, unless it is encrypted. External storage media that you have not received from the company should not be connected to your work device, as these could be contaminated with malware.

If a company device or private device that you use for work has been stolen, report this immediately to your company's IT service desk.

Defective or outdated devices should be returned to the IT service desk for disposal. You must delete the data securely before disposal. Reformatting is not enough.

Protect your smartphone and/or tablet from unauthorized access with a password and a SIM PIN (at least 6 characters long). Also activate the automatic switch-off so that the device locks itself after a certain period. Keep the period before the automatic switch-off takes effect as short as possible. Always keep the screen of these devices clean so that there are no visible signs of access codes.

Tip:

  • Encrypt locally saved company data.
  • Report theft of devices to the IT service desk.
  • Protect both your smartphone and tablet with a PIN.

Don't forget the other aspects of information security

New ways of working are always a challenge at the beginning. Don't let them put you off. With a little support, you can be confident about handling the new situation. As a company, it is important to properly inform employees about how they should behave in their home offices. Establish rules and communicate them. Support your employees as much as possible to cope with the new situation and work environment.

Make employees aware not only of the specific rules of information security that should be observed in the home office, but also of the other office rules that still apply, such as dealing with phishing, choosing good passwords, how to behave on the Internet and how to deal with e-mails. Similarly, make employees aware of how documents should be correctly classified and handled. Be clear yet again about the dangers posed by social engineering, phishing and malware, because in an extraordinary situation like the one we are currently experiencing, fraudsters are increasingly trying to gain access to private and company information and are taking advantage of the circumstances accordingly.

Employees who know what to look out for in terms of information security can protect your company not only from the office, but also from their homes. Give them your support! We are happy to give you our support too.

We also have an information sheet on the topic of home office. Download it here free of charge.