Our Mass Absenteeism Planning long had telecommuting as a foundational capability. However, when we expanded our flexible work policies last year, pandemic preparedness was not one of our key selling points. Regardless, we focused our last Cybersecurity Town Hall on staying secure when telecommuting, as part of our ongoing Cybersecurity Authenticity campaign.
It is somewhat of a personal mission of mine to make security awareness a whole life behavior change for the staff – not just a mandate limited to use of corporate systems or when they are “in the office”.
To review, we cannot expect staff to become fully security aware if it is an inauthentic value in their lives. As much as they do not intend to jeopardize corporate systems or data, if it is not innate to their thinking, out of ignorance or expediency, they may create inadvertent risks for the organization. This is especially true since their personal digital identities can be leveraged to move “laterally” to corporate systems.
And if we need to dramatically or quickly expand our remote working capacity in response to a health emergency – those unmonitored behaviors become much more important.
While we were ramping up our telecommuting policies (more as a corporate benefit at the time), I wanted to ensure that the staff were taking their awareness training home with them as well.
We covered several topics specific to our organization, but here are some takeaways anyone can use:
Confidentiality and privacy expectations still apply:
- Maintain “Clean Desk” best practices at home
- Don’t leave printed documents / corporate data unsecured
- Lock screens or log off remote sessions when stepping away
- Be mindful of phone conversations and sensitive data that can be overheard
- Work must stay on authorized systems
- Never email corporate information to your personal accounts / email addresses
Keep personal computer and devices secure:
- Apply patches and software updates on all your devices
- Keep anti-virus active and up to date
- Don’t plug in unknown USB devices
- Assume giveaways / “found” devices have malware
- Cover web cameras
- Make frequent backups
- Ensure the physical security of devices
Use the phishing avoidance skills you learned at work, at home:
- Only use known log on portals and trusted secure web pages
- Look for the HTTPS lock icon
- Log out when you no longer require access
- Don’t visit high risk sites
- Beware of fake “warning” pop-ups
- Be mindful of fake tech support scams
- Reach out only to known corporate support if you need assistance
- Never allow unknown parties remote access to your computer
When working from home, without supervision, the staff’s natural cybersecurity awareness becomes a vital control. Dedicating time to “whole life” behavior modification will make staff more reliable agents, even when beyond your full oversight.
And in a pandemic response – personal hygiene can keep the organization safe in more ways than one!