Community Champion

Information security for work-from-homers

With more and more organizations sending their people home to work from there, I am curious if anyone can contribute some practical policies, guidelines, and procedures for the work-from-homers?

 


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
2 Solutions

Accepted Solutions
Contributor I

Re: Information security for work-from-homers

I've been working from home for 6 years now. Some hints that I use:
1. Work in an area that you can keep private when needed. I'm lucky enough to have a home office, but even a place in the basement where the family knows to leave you alone can work.
2. I don't print anything.
3. I do take notes, but I shred them when no longer needed. (I have an awesome "Mailmate" shredder from Staples that I also use for most of the paper mail I get).
4. Use a good ISP. I use gigabit service from Verizon FiOS. Much faster than the office, actually.
5. We use Microsoft Teams for everything, which really helps.
6. I use an MFA Cisco AnyConnect VPN to connect to the company.
7. I use a company provided and company controlled PC for work. I never do personal work (other than to browse the internet for stock market and fintech news - that's my industry).
8. Get up and walk around. Don't get stuck in your office. Play some music. Keep your mind sharp.
9. Don't get stressed. Easier said than done, but your mental health is as important as avoiding COVID-19.
10. Keep engaged with colleagues. Teams calls, Teams chats, and even a video meeting can be helpful.
11. Don't lose your sense of humor.
12. Be there for others to lean on.
13. Remain vigilant, but realize that that one pesky medium risk vulnerability may not really be that important these days.
14. Your work priorities must sync with your company's priorities. Right now, crisis management and availability are at the top. That will change over time. Be flexible.
15. Keep up on trending topics. The bad guys are still attacking and victimizing the public.
16. Keep non InfoSec and Risk people engaged. But realize that they may have higher priorities.
17. DON'T ATTEND CONFERENCES UNTIL THIS CRISIS ENDS. Did you see the news on a Dental conference in Vancouver, BC - where COVID-19 was present and spread through the dental community. And it's likely they spread it to some patients? (https://globalnews.ca/news/6685494/elective-non-essential-dental-services-paused-after-covid-19-case...)

And lastly, Keep Calm!

Community Manager

Re: Information security for work-from-homers

https://staysafeonline.org/wp-content/uploads/2020/03/NCSA-Remote-Working-Tipsheet.pdf

 

I found this checklist to add to your discussion. Something you can share with the newest remote employees of your companies.

(ISC)² Community Manager


19 Replies
Community Champion

Re: Information security for work-from-homers

> Chuxing (Community Champion) posted a new topic in Tech Talk on 03-17-2020 09:38

> With more and more organizations sending their people home to work from there,
> I am curious if anyone can contribute some practical policies, guidelines, and
> procedures for the work-from-homers?

Make backups.

Frequently.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
[Canada] has little reason to worry about illegal immigration.
Like the United States, it shares a long southern border with a
country suffering from high levels of crime, unemployment and
income inequality. But there aren't millions of Americans
yearning to get into Canada. - E. G. Austin http://econ.st/l3lNat
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: Information security for work-from-homers

> DHerrmann (Contributor I) posted a new reply in Tech Talk on 03-17-2020 12:41 PM

> Did you see the news on a Dental
> conference in Vancouver, BC - where COVID-19 was present and spread through the
> dental community. And it's likely they spread it to some patients?

Medical "professionals," no less. The organizers should all be lined up and shot.
15,000 attendees! What the [pr0n filter] were they thinking?

March is *the* big month for security meetings here in Vancouver. We cancelled
the SIG meeting (at which I was to speak), BSides (at which I was to speak), and
CanSecWest is running on a weird, experimental fully remote/virtual basis. (What
with the libraries now being closed, I'm getting a bit depressed.)

(Number Two Daughter is three degrees of separation from one of the attendees,
and was contacted about it. Her company is now all working from home.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Strength lies in differences, not in similarities. - Stephen Covey
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Contributor I

Re: Information security for work-from-homers

@rslade - British Columbia is one of the world's special places. Be safe, my friend!

Community Champion

Re: Information security for work-from-homers

> DHerrmann (Contributor I) mentioned you in a post! Join the conversation below:

>   British Columbia is one of the world's special places.

I tend to think so ...

>   Be safe, my friend!

I'm trying. But I may have to commit suicide now that the library is closed ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Bad things rarely happen because of one reason. It's almost
always a chain of smaller mistakes. If you can break the chain at
any part, the bad thing does not happen. That's why
mistake-proofing needs to be built in to all processes. Relying
on a human to never make a mistake is a guaranteed way to fail.
- raypesek 20120204
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Community Champion

Re: Information security for work-from-homers

I have just recently been assigned to a new small agency. We have some people just wanting to open up all positions to work from home WITHOUT providing them company devices. I am arguing against it because we don't know the cyber hygiene of their personal devices. The organization is not very forward thinking in IT and has not prepared for a mobile workforce. Now that they suddenly need to have people work from home they are unprepared to do so. They only have a few people that are prepared to telework. When I first started there 3 months ago I mentioned that they should start preparing to move away from desktops and go to laptops (or other mobile devices). It was met with disdain from the (old-school thinking) CIO. Now they are preparing to issue an emergency purchase for laptops. Probably won't get the laptops for a year...

 

If you have not been preparing for the future and the movement to a mobile workforce, this coronavirus incident should provide some incentive to open your eyes (and those of your company executives) to be able to prepare for the movement to a mobile workforce.

 

Also this is a good time to ensure your DR and BCP plans are up to date.

 

Community Champion

Re: Information security for work-from-homers

I've been an "independent consultant" (you can read that as "unemployed," if you
wish) for a few decades. I also wrote four (or six, depending on how you count
them) books, which involves a lot of working from home, by yourself. Here are
some tips on working from home.

You may not have enough distractions at home. You know home. You are
intimately familiar with everything in it. Familiarity breeds contempt.

If you have access to a young child (or possibly someone with Down's Syndrome
or dementia), they look at the world in a different way. This can be extremely
valuable to you. (Many people will think I am joking about this. I am absolutely
not.) If you work at it, you can take this experience with alternative views and,
with practice, start to look at the world differently, yourself.

You are unsupervised at home. This can be a great advantage. It is possible that
you may simply slack off. However, it is possible that you can look at what you
are doing, and how, and figure out what is actually worth doing.

When you work from home, you can develop an "always on" mindset. This may
come about in two ways. You may be a natural workaholic, and just get stuck in.
Or, you may think that what you are doing is actually important. This can create
a serious and damaging delusion. Once again, look at what you are doing and try
to determine whether it is actually worth doing.

You may feel lonely and isolated at home. Especially if you don't have a spouse
and/or children. Then again, you have the Internet. Good grief! You can talk to
anyone in the world! About all kinds of topics! How can you feel lonely and
isolated? (If all you do on the Internet is surf pr0n, you deserve to be lonely and
isolated.)

If you have a spouse and/or kids, you may feel that you can't be with them. You
may feel that you have to lock yourself in your home office for eight hours a day
and not talk to anyone. That's ridiculous. Talk to them. Play with your kids. Go
for walks. (Stay away from anyone on the street, though.) Make multiple short
blocks of time to lock yourself in your office, if you must. You will be *much*
more productive in one hour, after you've spent some time actually talking to
your spouse and/or playing with your kids. (And, again, how much of what you are
doing at "work" actually needs to be done?)

You may need to be motivated. Why? Isn't your work important or interesting
enough? If that's the case, that should be motivation to find a different job. (You
can search for one on the Internet.)

Get distracted. Look out the window. Talk to someone on the Internet. Talk to
your kids. Clean up your desk or office. You can find some interesting new ideas
...

Don't procrastinate. (At least, not right away.) Do something. Anything really.
If a job looks too big and daunting, do something related to it, to chip away at it.

Create a schedule. It does help. But create it. Don't just impose it on you and
those around you. Find something that works for everyone.

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

Community Champion

Re: Information security for work-from-homers


@Chuxing wrote:

With more and more organizations sending their people home to work from there, I am curious if anyone can contribute some practical policies, guidelines, and procedures for the work-from-homers?

 


Due to the current situation, the technology ebook publisher Take Control Books is offering a free ebook

 

Take Control of Working from Home Temporarily 

 

Add it to your cart and check out. All it will cost is giving them an email address.

I just downloaded it, and it looks pretty solid.

 

Craig

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Not Passing a Cert Exam is Not the Same as Failing: https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html