KUALA LUMPUR: Most of us will be working from home starting tomorrow (Wednesday, March 18), and if you’re one of them, here are some tips for both employers and employees from Internet security company Sophos on how to do it safely. It’s vital not to let the precautions intended to protect staffs’ physical health turn into a cybersecurity threat at the same time.

1. Make sure it’s easy to get started Many Self-Service Portals (SSPs) allow users to choose between different levels of access, so they can safely connect up either a personal device (albeit with less access to fewer company systems than they’d get with a dedicated device), or a device that will be used only for company work. The three key things you want to be able to set up easily and correctly are: encryption, protection and patching.

Encryption means making sure that full-device encryption is turned on and activated, which protects any data on the device if it gets stolen;

Protection means that you start off with known security software, such as anti-virus, configured in the way you want.

Patching means making sure that the user gets as many security updates as possible automatically, so they don’t get forgotten.

2. Make sure everyone can do what they need

If employees can’t do their job without access to server X or to system Y, it will not be effective for the company. Make sure you have got your chosen remote access solution working reliably first – force it on yourself –before expecting your users to adopt it.

3. Make sure you can see what employees are doing

Don’t just leave employees to their own devices (literally or figuratively). If you’ve set up automatic updating for them, make sure you also have a way to check that it’s working, and be prepared to spend time online helping them fix things if they go wrong. If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let them know what they mean and what you expect them to do about any issues that may arise.

4. Make sure employees have somewhere to report security issues

If you haven’t already, set up an easily remembered email address where users can report security issues quickly and easily. Remember that a lot of cyber attacks succeed because cybercriminals try over and over again until one user makes an innocent mistake – so if the first person to see a new threat has somewhere to report it where they know they won’t be judged or criticised (or, worse still, ignored), they’ll end up helping everyone else.

Source link

Write a comment:

Your email address will not be published.