Useful Security Practices for Your Home Office
In response to the COVID-19 pandemic, a growing number of states and localities have issued workplace restrictions as part of their efforts to prevent the spread of the disease. These “shelter-in-place” orders generally require businesses not considered “essential” to close their physical offices and continue their operations remotely causing much of our workforce to shift their daily work from an office setting to a work at home (W@H) setting.
In a typical office setting, your IT department has worked hard to put both physical and logical safeguards in place to ensure that the data, particularly the sensitive data (such as personally identifiable information (PII)), that you are working with on a daily basis is protected from both malicious and accidental disclosure.
Therefore, as you transition your work space to your home, it is important to keep the following physical and logical safeguards in mind for the duration of your W@H period:
Physical safeguards in your W@H space
- If you have other family or roommates living in your home, your devices should always be shut down or locked when not in use. This includes locking the device when you step away to attend to family or even have a lunch break.
- Some employees may not have space to dedicate as an office at home. If this is the case, be sure to collect any work-related devices and put them away at the end of your work day.
- Does your home have a screened porch or deck? It can be tempting to work outside in good weather, but it’s key to remember that we all tend to talk louder when we are on the phone, so be mindful that others may be listening. If you are having a phone or video conference where sensitive data may be shared, be sure to think about the best place to take this phone call privately.
- If you have been tasked with sending company mail containing sensitive data, consider dropping it in a post office box rather than leaving it exposed to the public in your mailbox.
Logical safeguards in your W@H space
- Access to your work-related devices should always be password protected and the password should meet the standards established by your company’s IT department. If these are not required by system configuration, check your company’s password policy to confirm that the password meets its standards.
- Much like in the office, be sure not to write passwords down on notepads as a tool for remembering them. These can easily be compromised. Instead, consider using a password management tool to keep these passwords safe. Your IT department may have ideas to help with managing multiple passwords across different software.
- Make sure to secure your private at-home wireless network before using it for work purposes. To do so, configure your home router to require a password to join the Wi-Fi. Passwords should be complex and not easily recognizable. It is not recommended to use your router’s default password, as these are easily found using a quick google search.
- Do you use a public wireless connection in your home office? Some users have access to free Wi-Fi through their building or Wi-Fi providers within their city. If this is the case, use a virtual private network (VPN) to mask the sensitive data you transmit over the internet ensuring that it is not visible to others sharing that same public network. VPNs usually are provided to you by your IT Department. If your company has not provided one, consider investing in one if you are using a public Wi-Fi connection.
- Be mindful that malicious actors ramp up their attacks on businesses to capitalize on their fear and uncertainty, therefore, it would be wise to refresh yourself on your IT department’s security awareness training. Always be wary of phishing emails and phone scams.
At home we are often not as vigilant as we are in our typical office setting. Ensuring that we practice the same or even better physical and logical safeguards than we do when we are in the office is vital for continuing business operations in these times of uncertainty.
For more information, please contact your BNN advisor at 800.244.7444.
Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, investment, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.