fbpx

How to Educate Your Work from Home Staff on Information Security

29 May How to Educate Your Work from Home Staff on Information Security

We are now living in an unprecedented time.

Where, for many businesses, working from home is actually going to be the normal.

This may not sound like much, but the ramifications for both employees and staff are massive.

Having a workforce that always works from home affect how the business operates.  It also affects other business areas, such as IT security.

It’s recommended to educate your work from home employees more about information security.

But for many companies this might not be an easy task.

This article talks about what information security is.  It will also give tips to educate staff who work from home.

What is Information Security?

Information Security is the protection of information.  It is also the protection of information systems.

This means preventing unauthorised access.

It also means preventing unauthorised information use, disclosure, disruption, modification or destruction.

Doing this ensures the confidentiality, integrity and availability of the information remains intact.

Why Is The C-I-A of Information Important?

We all deal with tons of information on a daily basis.

From writing and sending emails, to sending Facebook messages, to SMS messages.

But we hardly ever think about what happens behind the scenes when we send or receive data from others.

There are three main factors of information that are important and protected.

Confidentiality

All businesses have information that is confidential.  It depends on what the business does.

Two common types of confidential data are employee records and financial records.

These types of data contain sensitive personal information.  Protection is important so that only people with authorized access can view it.

How to Protect Confidential Information for Work from Home Staff 

If this data is in the cloud, then confidentiality becomes more important.

Work from home employees, when sharing information with colleagues, must make it secure.

They should remove sensitive information from any document they will upload or share.  This can include financial data, personally identifiable information or even document metadata.

Sharing a link to a financial report where anyone can see it is not recommended, for example.  Neither is uploading a sensitive company document to a public location.

Staff should make sure that they set the correct security level for any links they will share.

These links can be from OneDrive or Google Drive or other cloud services.

If you are unsure what security levels programs provide, reach out to them.

It’s also recommended to protect files with sensitive information using a password.

When setting a password staff should use an agreed password manager program.  They allow you to generate strong passwords that are hard to guess.

Share it with only those who need to know and use the principle of least privilege.

The company should also make sure that work laptops and devices are secure with a logon password.

Again, this means strong passwords that are never reused.  Employees must also change them on a regular basis.

This should be part of your company’s IT policy.  It should also outline the policy on setting passwords, which all employees must follow

Integrity

This means that the information isn’t tampered with whilst moving, or at rest.

An example of information being at rest is storing it in a remote file share system.

Data in transit means transferring the data between one system and other.

Unauthorised access to a network share is an integrity breach of data at rest.  This network share could contain sensitive information.   The attacker can then change the data.

Bugs or malware, or a hard disk or device crash can cause an integrity breach of data in transit.

For work from home employees, make sure services they access are secure.

This means any information that is sensitive or private should not be accessible.

Only those staff who need to access it should have the rights to do so.

The last thing you want is to store payroll data in an unsecure manner.

Doing this means that a work from home employee can access it, copy it to their laptop and walk away with it.

They can also edit the data.

Or worse, share it online in public.

How to Protect Against Data Breaches for Work from Home Staff

Protecting data confidentiality can help protect its integrity as well.

This is because removing confidential information can reduce the integrity breach impact.

Password protect sensitive files, perform regular backups, and have an audit trail.

These measures are necessary to prevent integrity breaches for work at home staff.

Having an audit trail can let your IT staff see which staff are accessing files they shouldn’t be.  It also shows who last modified the data and when.

Regular backups allow you to replace any tampered information files immediately.

Generate strong passwords and store them inside a password manager app.  You should do this for all company resources you have to access for your job.

With staff now working in remote locations, having measures and controls is vital.  They make sure that sensitive information is secure and remains unchanged.

Cloud platforms like Microsoft365 have built-in data integrity features.  These include audit trails and file version controlling.

This means you can replace compromised files with earlier untouched versions or backups.

You can also password protect folders and then only share them with those who use the data.

Company’s should also set up user access controls for all staff.

These determine who can access what company resources.  That in turn dictates what information staff can see and work with.

For example, a shared folder in the cloud with payroll data should only be accessible by staff in an HR user group.

That user group in turn may have some users able to edit the data, whilst others can only view it.  It can depend on the job function and role.

Availability

When it comes to accessing our data, we all take it for granted.

We always assume that the data will be there whenever we need it – but what if one day it isn’t?

That’s why protecting the availability of information is also very important.

If your bank continued having outages, and your data was not available, would you keep using it?

Businesses need to make sure that their data is always available when needed.  This is more important with staff working from home.

Most businesses have data stored on network shares or in the cloud, this needs to be always available.

It’s no good if your employees have to access something in the cloud, but it’s always unavailable.

How to Ensure Available Information for Work from Home Staff

For this both your organisation and IT department are responsible.

Protection against denial of service attacks is one way of ensuring information availability.

Another way is to encrypt all data sent and transmitted from work devices.

Work from home employees can encrypt the hard drive of their work computer.

Operating systems such as Windows 10 has this as a feature built in.

The company must make sure it has a robust disaster recovery plan that factors in working from home.

Regular offsite backups are also another way to ensure information availability.

Setting up virtualized servers is also recommended.

It means that work from home staff can use the virtual server if information is unavailable.

Work from home is also an example of a kind of failover.

Because the office is not available the failover becomes the work from home staff.

They must be able to access company resources at home.  These cloud resources need protection.

This can be by strong passwords and user controls.

Being able to work remotely and access the data they need at home enables staff to keep working from home.

Of course, a business must also have a proper failover, in case of disaster.

If there was a fire or hurricane that destroyed the office, the failover would be another site to work at.

This site would have the same hardware and setup as the main office.

All hardware would then failover and work would resume from the new location.

Protect the C-I-A of Company Information When Working at Home

For staff working from home it’s too easy to take information security for granted.

With these tips work from home staff will reconsider how they share data, who with and what they access.

In doing this they all work together to keep the company data’s secure and free from threats.

Managed IT Solutions

Aware offer a wide range of managed IT services to help take care of your business and drive results.  Contact us now to learn more.