Reading time
13 minutes
What will you learn?
In this component you will become familiar with all actions you must take in order to be able to work securely and reliably at work, on the road and at home.
Summary
Working securely at work, on the road and at home requires above all that you learn to follow several standard routines. Locking your screen when leaving your computer, at all times and everywhere, and using a webcam cover and privacy film, being cautious about discussing business information when you are on the road and limiting synchronisation and other forms of data exchange between your business and personal equipment. By following these routines, you can substantially lower the risk of a data breach occurring at any given moment.
Working securely and reliably, at all times and everywhere – it seems like such a no-brainer. Everyone wants that, right? Of course! But how do you achieve that? It is already pretty difficult to work from home and not embarrass yourself...
But it isn't 1986 anymore. In this day and age, we are connected and ‘synced’ 24/7. And that has its advantages, but also disadvantages and risks. And it's pretty easy to do something about those risks. Can you state what action can best be taken in each scenario?
It may sound ridiculous, but you must also work securely when in your own workplace. Not only for yourself, but also in order to guarantee the privacy of your colleagues and external parties. No matter how much you trust your colleagues and students, our school is and will remain an open institution. And within that context, we must strike a balance between open and safe.
It's not rocket science. By teaching yourself a few simple routines, you are almost guaranteed to work securely and reliably. And in so doing, you can minimize the risk of data breaches. That's reassuring, don't you think?
What do you think are the four most important actions you can take when it comes to ‘Working securely at work’?
It may seem insignificant, but if you fail to do this, it can have big consequences. Always lock your computer screen if you are going to be away from your computer, even if only for a minute. In this way, you will know for sure that no one can simply access your files and programs. Many laptops can easily be locked by briefly pressing the on/off button or closing the laptop.
On a (Windows) desktop computer, you just have to press the Windows logo key plus the ‘L’ key or Ctrl-Alt-Del-Enter at the same time. Always lock the door to your office space if you are the last one to leave the room. In this way, you can be sure that no malicious parties can access your computer, documents, cupboard or other location storing potentially sensitive information.
And if it does happen, you know that means trouble. So not even the ICT department of our school will ever ask for your password (they will NEVER do this!). If you receive an email, text message or other message asking you to share your password, for whatever reason, don't do it.
Two simple steps you can take to make sure that others (whether intentionally or not) cannot look at you or your computer screen. With the webcam cover, you can make sure that if someone takes over your webcam remotely, they cannot see what you are doing (e.g. to blackmail you later with the recordings). And privacy film ensures that the viewing angle from which others can look at your screen while you work is very narrow. You can collect both of these for free at [fill in location]. Definitely recommended.
In addition to digital information, you probably also produce a lot of offline information. The whiteboard covered with notes including with regard to the financial forecast for the coming year which has not been cleaned, the department facebook on the A4-size sheet of paper you accidentally leave behind on the printer or the post-it next to your computer with your password and login name on it. Keep in mind that this kind of information can be just as damaging as digital information if it falls into the wrong hands.
There are situations in which it is almost unavoidable: you must send that one big attachment, so you quickly log in on the free WiFi-network! A few days later, you find out that there is malware on your laptop... Data you send without a VPN connection via an unsecured public WiFi network can be read and analysed by anyone. Watch this video clip to see how fast that can happen.
Usually it involves less harmful forms of data breaches. For example because that curious George sitting next you on the train is able to look at your screen while you work, or the person behind you on the bus is listening in on that juicy story you are telling about your colleague. If you work on the road, be very careful and cautious about discussing and showing information/business information.
What do you think are the four most important actions you can take when it comes to ‘Working securely at work’?
All traffic transmitted via a public WiFi network can easily be read by others. You must therefore never (whether for business or personal purposes) use a public WiFi-network. The only exception to this rule is if you use a VPN connection. Then all of your internet traffic is encrypted and no one can simply read it.
It's a great term, shoulder surfing. These are the situations in which you are standing on a crowded train or metro and you quickly send a business email from your telephone, while others can easily look over your shoulder. 99% of the time, that's not a problem, but you should try to eliminate all risks by taking care to ensure than no one can simply look at your screen while you are working. Using privacy film on your screen to significantly reduce the view angle is definitely recommended.
Like shoulder surfing, eavesdropping frequently happens on public transport. Whether intentionally or not, people listen in on others’ conversations and there is always a risk that you will share sensitive information during such conversations. Always be aware of your surroundings and, as a general rule, never discuss sensitive information or information which is still under embargo when you are on the road. Unless you are travelling alone in your car of course...
Make sure that, in addition to your business equipment, your personal equipment is encrypted if you use it for business purposes. The risk that your laptop, telephone or tablet will be stolen is low, but it does happen dozens of times a year. And if it happens, a strong password and two-factor-authentication alone will not be enough to protect your data, with all the associated consequences. A malicious party can, for example, easily remove your hard drive from your laptop and insert it into another computer; in this way, it is still possible to read all of your files.
Phew! Home at last. You know for sure you can trust everyone there. So you can also work in a relaxed manner and you don't have to take care to lock your laptop each time you get up. Right? Unfortunately, it is also extremely important to maintain the same standard of online hygiene when you are at home as at work and on the road. Not because you do not trust your housemates, but because, whether intentionally or not, something can easily go wrong.
How tempting is it to quickly give your children your business laptop so they can watch Netflix? But they will be able to access your files at the same time. How easy is it to sync your business files with your personal laptop? But now, everyone who has access to your personal laptop can suddenly access sensitive data. Or what if you are constantly syncing your personal desktop which has not had any updates in a while, with your business cloud storage? These are just of few of the many conceivable reasons why you should adhere to a few simple rules when at home, too.
What do you think are the four most important actions you can take when it comes to ‘Working securely at your work’?
This is RULE NUMBER 1. The simplest way to make life difficult for hackers and other malicious parties is to make sure all of your equipment is always running on the most recent operating system and that all of your programs are up to date. Hackers often make use of old security holes which have been closed with updates.
So if you don't run updates, your equipment will remain vulnerable to attacks. And that is particularly risky if you sync a business cloud service with a personal device running outdated software. In that way, malicious parties may be able to gain access to your device. Because these sync with a business service, this may also make it possible to gain access to the business service.
You may be tempted to quickly drag a few business files from your business laptop to your personal laptop so that you can easily work on them locally. However, this will mean that these business files will remain on your personal equipment and therefore may be able to be misused. If you want to work on business files on your personal equipment, always leave these in the relevant cloud services and only work on the files within that service.
Don't do it. Not even so they can play that fun game on your telephone. Or to let your housemates watch that film on Netflix because the battery on your personal laptop is dead. Because this gives those people access to all files, conversations and programs on your laptop, telephone or tablet, there is always the risk that, whether intentionally or not, something will go wrong.
Even at home. What may seem like a joke for children (installing an app on mummy or daddy's computer) can have big consequences for you. Make sure both your business and personal equipment is always locked when you are away from your equipment.
All information about the handling of information at our school is laid down in the 'Information Security Policy'. You can download and view this document via the button below: