Security of IT service
while working from home
Currently, more people are working from home than ever before, bringing numerous risks for organizational security. Global data breaches are on the rise, potentially causing significant consequences for businesses. By maintaining security control, organizations can not only retain customer trust but also mitigate financial losses.
ISAE 3000 is the standard for assurance on non-financial information. In practice, there is often a demand for an SOC 2 report. This SOC 2 report exclusively includes General IT Controls that comply with the Trust Service Criteria of the AICPA. These Trust Service Criteria are best practices from the United States for security, privacy, confidentiality, availability, and integrity.
What are the best ways to keep remote work as secure as possible?
1. Password management.
The widely recommended tip is to use strong passwords. Ensure that your employees create multiple different passwords. Frequently changing passwords can also enhance security. Also, ensure that private and work user accounts are separated. As logging in with a private account at home is often easier, it can jeopardize security.
2. Screen locking during breaks.
It sounds like a logical step, but screen locking is often overlooked. Unexpected events can occur when the screen is not locked. This is a matter of habit. The following combinations should be used:
- Windows: Win + L
- Mac: Cmd + Ctrl + Q
3. Keep private and work separate.
As mentioned earlier, keep private and work separate. Different passwords, private and work-related, should not be stored on the same drive. Also, an employee should never use their work email for external websites.
4. Secure WIFI connection.
A secure WIFI connection sounds simple, but mistakes are often made. People often make the mistake of logging into a public WIFI service instead of using a phone hotspot in public. Always instruct employees that if they work in public, they must always use their own hotspot instead of an unsecured WIFI service.
5. VPN.
It’s best to work on a VPN connection when working from home. A VPN connection reduces the risk of hackers and data breaches. Additionally, it’s important to follow browser warnings; if a site doesn’t feel right, it probably isn’t.
6. Security programs.
There are various security updates available for computers, often automatically installed when booting up or shutting down the computer. Also, organizations should provide mandatory antivirus programs.
Risklane offers services in governance, risk, and compliance. Since 2014, Risklane has been a market leader and the most progressive organization regarding ISAE 3402 implementation and certification. Apart from ISAE 3402 services, we offer services in ISAE 3000, GDPR/AVG, ISO 27001, ISO 9001, and COSO ERM.