To limit the spread of the coronavirus, far-reaching measures have been taken. These include measures to maintain social distance and avoid getting together in groups. This means that most of the time we can no longer work in the usual way. This requires creativity in devising and short-term implementation of new ways of working. Among other things, in order to safeguard the privacy of yourself, clients and others, it is important to keep an eye on the security of (sensitive) information in these new and possibly creative ways of working.In this article I will discuss the concerns and risks of working from home in these special times.
The home office is accessible not only to colleagues, but also to all roommates and any visitors. Therefore, they can (inadvertently) see documents that are on the desk or have been discarded, and they can look in on screens. They may also be able to hear what is said during phone calls or video conferences, especially if the laptop's speaker is on in the process. To minimize the risks, I have the following tips:
Preferably work in a separate room, not in the kitchen or living room.
Close the door when talking on the phone or video conferencing. Then your roommates won't be as bothered by it either.
When calling or video conferencing via PC, preferably work with earbuds or headphones.
Avoid using names of customers, clients and/or patients. You can mention them once to make sure who you are talking about, then it can be about "the customer," "the client," et cetera, and naming is really not necessary.
Don't leave (confidential) documents on your work table/desk; put them away.
Work digitally as much as possible, not with paper. If you do print, make sure confidential documents are not left on the printer.
Don't throw confidential documents with the scrap paper; keep them in a locked place to be disposed of later at work. Do you work a lot with confidential documents? Then consider buying a paper shredder. You can get these for as little as €100. Just make sure that the device meets at least level P3 or preferably P4 of the standard DIN 66399.(1)
Many people will use a laptop from their employer for working from home. If so, the IT department has (if all goes well) taken care of secure settings. Sometimes it is necessary to work on a private PC. The risk is that files from work and private get mixed up and the private PC has less secure settings. Therefore, we provide the following tips:
Create a separate username on the PC for work and make sure other users work with a different username. This keeps data separate and makes it easier to delete work data from the private PC after the home work period.
Make sure the Windows Firewall and Windows Defender or another virus/malware scanner are on.
Make sure the latest security updates are installed. This is especially important for Windows and for your Internet browser. Windows can do this automatically with Windows Update, and many browsers, such as Chrome, can do this automatically as well.
Lock your PC screen when you walk away for a while. Of course, this is only effective if you use a PIN or password. The settings to set this can be found by pressing the Windows start button and typing "lock screen" or "lock screen." You can also set here to automatically lock the screen when you haven't used the mouse and keyboard for, say, 10 minutes.
Install only licensed enterprise software. Consult with your organization's IT department. Without a license, you are working illegally.
Only use (free) cloud services in consultation with your employer. The latter can then ensure appropriate agreements with the provider, for example, about security and the processing of personal data.
Consider storing confidential documents in encrypted form. This can be done by putting a read password on a Word, Excel or PowerPoint file or by including the files in an encrypted ZIP archive.
For cybercriminals and other hackers, every crisis is an opportunity. With the threat of the corona virus in the background, the temptation to click on links or attachments of emails is greater than usual. The criminal senders of these emails are also getting smarter about it. These phishing emails are quite often about new treatment methods, testing options outside official channels or how to protect yourself and your loved ones from infection.
So be extra careful when clicking on links and opening attachments, especially from senders you don't know.
So as an employee, there is much you can do to keep information secure in the home office. If you have questions or doubts, consult the experts in your own organization, such as the IT department or a security or privacy officer.
(1) for more information, see for example: https://nl.wikipedia.org/wiki/Papiervernietiger
This article can also be found in the Coronavirus dossier
