e-biz
putting the 'e' into business
Tuesday 20 May 2008, 10:00 PM
Working@Home: Keeping Secure
National Work from Home Day has come and gone, with an estimated five million people skiving to enjoy the comforts of their home. However, even though employees sat comfortably, IT mangers were no doubt uncomfortable at the thought of the security issues that exist around working from home.
To ease this discomfort, here are some top tips on how to be safe and secure while working from home:
1. Use an approved computer for working at home. This way, the company has verified that the necessary protections are in place (up to date virus protection, approved VPN tools, etc.). This will protect you from introducing malware into your company’s environment inadvertently and it will protect you from your company’s ire if ‘something goes wrong.’
2. Make sure everything is updated. Before you start working on your computer or laptop make sure you turn on your automatic updates for your applications as well as installing the latest anti-virus and anti-spyware software to make sure you and your personal information is also protected.
3. Never enter your username and password on a page you arrived at by clicking on a link in an e-mail, IM message, third-party Web site or social networking site. These are the tools hackers use most often to steal passwords.
4. When entering your username and password on any site, always verify first that the URL in the browser’s address bar matches the URL of the site you (think) you are accessing. This is the best way to ensure your password won’t be intercepted by some evil-doer.
5. Set limits about what you are willing to expose about yourself when working online and remember the context of the interaction (business or personal). Be wary, since embarrassing or inappropriate information about yourself may appear in contexts that you did not expect. It is very difficult to ‘clean up’ your profile later on.
6. Social networking sites and blogs are business tools, make sure you are using a safe environment for professional networking. Treat the network as a resource of valuable information, and tap into your colleagues’ expertise with the collaborative tools available on the network.
7. Secret is not secured. Some social networks, like Facebook, allow users to engage in private or secret groups. Although these forums take place away from the public eye, apt hackers can still crack open the discussion boards and access conversations, unless appropriate enterprise-grade safeguards have been put in place.
8. When adding RSS feeds to a feed reader, always prefer to use a link you got from the content provider’s Web site rather than from any third party (an e-mail, an IM, a link on a social networking site etc.) This improves the likelihood that the information you are seeing is what the content provider intended.
9. When accessing corporate applications from a Web browser, use a separate browser instance, not just a new tab or a new window opened from the browser you are using to access public sites. This makes it more difficult for hackers to launch request forgery attacks that target your corporate systems.
10. When using public sites for work related tasks, be aware of the information you expose. Keep In mind, the search queries you run, the sites you visit, your Web-based bookmarks and tags, the RSS feeds you've subscribed to and your social network connections are all potential sources for data leakage.
11. When using Web-based collaboration tools, avoid exposing proprietary information. Even when communicating with colleagues, the information you provide can easily become accessible to unauthorised parties.
12. Familiarise yourself with your employer's acceptable use policy for employee blogs and social networks. Adhering to such policies will help avoid any unpleasant situations. If your employer hasn’t published such policies, demand them.
13. Keep personal and business ‘digital assets’ separate. As personal lives and business lives merge, it becomes increasing compelling to do personal tasks on work time. Be careful not to merge these two lives on your computer. Some tips - use business time for business and do not store personal files on your business computer (and vice versa).
Previous
