The Data Protection Commission Ireland published a couple of tips and orientations on how to keep your data protected when working from home or remotely. Cyberattacks still on the rise and using COVID-19 as a fishing technique to attract users and get what they want. So, now more than ever, it’s time to protect our devices and make sure that we are working from home in a safe way from both perspectives, from the company and its users.
Take extra care of your devices, such as USB’s, laptops, mobile phones, etc, are not lost or misplaced.
Check if all our devices are updated. You should check the latest operating system updates, software and antivirus.
You must ensure that your device, laptop or mobile phone, for example, are in a safe place, where you can keep in sight. When dealing with sensitive personal data you should keep people away from your screen to avoid them seeing your data.
Lock your device if you do need to leave it unattended for any reason. Don’t trust that nothing will happen.
When not in use make sure your device is turned off, stored and locked in a safe place.
Use effective access controls (such as multi-factor authentication and strong passwords), and, where available, encryption to restrict access to the device, and to reduce the risk, in case it is stolen or misplaced.
In case a device is stolen or lost, you should take steps immediately to ensure a remote memory wipe, where is possible.
When connecting your work computer to your home network, make sure you don’t make it visible to other computers in the network. If you have to add it to the HomeGroup, then make sure the option to share files is off.
Follow any applicable policies in your organisation around the use of email and ensure that you comply with them.
Use work email accounts rather than personal ones for work-related emails involving personal and sensitive data. If you use your personal email, make sure that content and attachments are encrypted.
Don’t write personal or confidential data on the subject lines of your emails.
Double-check you are sending your email to the correct recipient, mainly if it contains personal or sensitive data.
Cybersecurity Best Practices
It’s easy to forget all the security precautions that we are already used to follow in the office when working from home. Find below some of the most important ones:
Be extra vigilant with phishing emails. There will be many going around trying to capitalize on fear related to the coronavirus, questions about isolation and its psychological impacts, or even pretending to offer advice or health information. Scan those emails with a sharp eye and do not open attachments unless they’re from a known, trusted source.
Related to phishing: we can expect to see a rise in Business Email Compromise (BEC) fraud. Your organization may be sending you many emails and missives about new workflows, processes, or reassurances to employees. Watch out for those disguising themselves as high-ranking employees and pay close attention to the actual email address of senders.
Cloud and Network Access
When it is possible to use only your organisation’s trusted cloud and network services. Make sure to comply with your organisation rules and best practices for cloud and network access, login, and data sharing.
In case you are working without cloud or network access, ensure any locally stored data is adequately backed up in a secure manner.
Paper Documents and Records
It is important to highlight that data protection applies to not only electronically stored or processed data, but also personal data in manual forms, such as paper records, for example. So, while working from home, you need to keep these eventual records safe and make sure to comply with your companies’ data protection policies.
While working from home, and dealing with paper records, take steps to ensure the security and confidentiality of these records. You can keep them locked in a filing cabinet when not in use. If you need to dispose of them you must shred. The most important is to guarantee that they wouldn’t be misplaced or stolen.
If you are dealing with records that contain special categories of personal data (health data, for example), you should take extra care to ensure their security and confidentiality, and only remove such records from a secure location where it is strictly necessary to carry out your work.
You should keep a written record of which records and files have been taken home, in order to maintain good data access and governance practices.
The article above is based on the below sources:
Cybersecurity and Data Protection Courses at New Horizons Ireland
In a fast-paced environment, investing in technical training is the best way to overcome the Cybersecurity challenges. At New Horizons Ireland we provide a wide range of Cybersecurity courses from different vendors and covering all paths that you might want to follow.
In the link below, you can check all our Cybersecurity paths and choose the best option for your career.
Data Protection Paths
Talk to one of our Account Managers to check all your options and possibilities. New Horizons Ireland courses are available in a variety of modalities to attend your needs, such as online live, instructor-led in our Dublin classroom and Mentored Learning, which is a convenient way to attend your course at your own pace and availability.