The recent pandemic has forced many of us to start working from our homes. In my hometown Dayton, Ohio, most companies were forced to send employees home with very little notice. Due to the resilience of American businesses, most have figured out a way to maintain operations by creating a remote working opportunity for their employees. While this may be a great opportunity for the company and the staff, this also poses new information security risks the company has not had to consider in the past.
The responsibility of proper information security practices is shared by the employer and employee. Employees have access to a variety of company information, whether it is sensitive information, confidential information, or PII (Personally Identifiable Information). A compromise may lead to stolen data, loss of information integrity, financial loss, and/or decline in brand or reputation.
This article is an introduction to a series of articles on how you can strengthen your cybersecurity posture within the home. This series will address the following topics:
- Securing your physical environment.
- Increasing the security of your home PC and network.
- Safe work communication, including recommended settings for Zoom and GoToMeeting.
When most people think of “cybersecurity”, they often think of user controls, firewalls, encryption, etc. While these are all very important and we certainly should never discount their importance, companies and employees should think of it as “information security”. We should be asking ourselves the following questions:
What information am I trying to protect?
Identify which information is sensitive to the company, project, customer, etc. This may include items such as customer PII, employee PII, new project plans, product designs or formulas, client lists, prospect lists, vendor information, company network designs. Any information a company would not freely advertise to the public should be protected.
How am I protecting it?
When protecting information, the company must consider all avenues of compromise. First, start with listing all the ways you are currently protecting the information. Include firewalls, password protections, number of users with electronic and physical access, physical protections, protections from environmental hazards, etc.
Where am I vulnerable?
Each company should understand the alternative means by which an attacker may compromise the information. They must also consider ways the information could be compromised by employees or vendors without malicious intent. Lastly, the company should understand any environmental risks such as flooding and fires. This may require the assistance of a trained consultant, ideally someone with experience in risk assessment.
Simply answering these three questions can significantly help you identify the sensitive information and consider all areas containing sensitive information. Understanding that “cybersecurity” is really “information security” helps re-frame your thought process to consider not only your network security, but also files resting on your PC, physical files in your home office, file transmission to others, and communication methods with your staff, members, customers, and vendors.
The responsibility of proper information security practices is shared by the employer and employee. As employees and company leadership partner together and continue to offer the best products and services, let us also remember these best practices while working in a remote environment. Stay tuned for the follow-up articles with in-depth details on: “How to secure your physical environment”, “How to increase the security of your home PC and home network”, and “How to practice safe work communications, including recommended settings when using Zoom or GoToMeeting”.