Tip #2: Set – and Maintain – Boundaries Between Work and Personal Data
There has been no shortage of discussions related to the dangers of blurring the lines between personal and corporate communications, but the security ramifications really aren’t up for debate.
As a general rule, corporate data should not be transferred to your personal devices. Every time sensitive data is co-located, the risk to that data is compounded — and you will share a large part of the burden if you happen to move data outside of a corporate audit trail and it’s later found to have been compromised. In a similar vein, you should be cautious about placing your personal data on corporate devices; doing so puts your data outside of your jurisdiction, which means it could be accessed by others without your knowledge.
Here are a few more pieces of advice:
Restrict Access to Your Corporate Devices and Systems
Your corporate-issued devices are intended for your use. Period. Never share your passwords, and do not lend your laptop or corporate smartphone to anyone (not even a coworker) unless your IT team gives you consent to do so. In addition, family and friends should not be given access to your corporate devices to perform personal activities (like checking email, posting to social media, or playing games).
Prevent Eavesdropping and Shoulder Surfing
As noted above, your home office will probably visited by a number of people who shouldn’t know certain details about your work. Be cautious about discussing confidential matters on the phone when unauthorized individuals (including spouses and children) are within earshot. As well, make sure that sensitive information on screens, printouts, and notepads is not visible to others.
Watch What You Share on Social Media
Social media indiscretions are an issue with both on-site and remote employees, but if you work from home on a consistent basis, you can start to feel disconnected from your corporate culture. This can lead you to overshare on public forums — a risky practice.
Your employer is likely to take issue if you share too many details about your work life. There are legitimate dangers associated with making business itineraries, corporate information, and daily routines public on social media.
Tip #3: Use the Tools Your Employer Gives You
If your organization supports a lot of remote workers, it’s likely they have policies and procedures in place to guide you and help you stay as secure as possible. Be sure to familiarize yourself with — and follow — any rules that are outlined for you. Keep the following in mind as well:
Use a VPN When Transmitting Sensitive Data
Virtual private networks (VPNs) are commonly used by organizations that permit employees to work from home. If your company has one, use it to add an extra layer of security to sensitive communications. If you don’t have access to a VPN, be proactive. Ask your IT team for help in identifying, installing, and using a VPN on your laptop and/or mobile devices.
Keep Your Software and Plug-Ins Up to Date
Cybercriminals seek opportunities to exploit known vulnerabilities in software and plug-ins like Adobe Flash, Acrobat Reader, and Java. Your organization may push automatic updates to your PC and other corporate-issued devices, but at least some updates will be in your control (particularly on personal smartphones that you use to access corporate systems like email).
Don’t ignore update requests that come from your IT department or trusted developers; there are very real security implications related to out-of-date plug-ins, software, and applications. To learn more, check out this blog post. The advice you’ll find there will help you improve cybersecurity on all your devices, corporate and personal alike.