IT Security: Basics for the Home User
Since the pandemic began, there has been a lot of speculation about how remote workforces are potentially putting corporate networks at greater risk by working outside their secure networks.
However, with a bit of work, this could also be an opportunity to make individuals more aware of the risks and instil some best practice techniques to protect the organisation’s intellectual property and any personal data from customers, clients and suppliers that it needs to process.
Data Protection – What You Need To Know
The General Data Protection Regulation (GDPR) was set out by the EU in 2016 for all member states, and the Irish Data Protection Act 2018 extended and transposed it into Irish law.
The Irish Data Protection Act 2018 also clarifies how certain measures set out in the GDPR are to be interpreted within the state, such as processing the data of children, public access to official documents and the processing of special categories of personal data, as well as how the structure of the Irish Data Protection Commissioner’s office was changed to manage this.
Any Irish organisation processing ‘personal data’ on an individual based in the EU for commercial purposes must adhere to the rules set out in the Irish Data Protection Act 2018 and take all required measures to obtain and record permission for the processing of that data, ensure the security of that data while in their possession and be able to fulfil a ‘right to be forgotten’ or ‘subject access’ request within the specified time frames.
Personal data is classed as any information that would make an individual personally identifiable to an outside entity.
a living individual who can be identified from the data, directly or indirectly, by reference to—
(i) an identifier such as a name, an identification number, location data or an online identifier, or
(ii) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.
Some business email addresses are an example, such as firstname.lastname@example.org.
Combined with where that person works, this would allow someone to identify which specific John Smith the email address belongs to.
Your organisation needs to keep the basic principle of protecting that data front of mind, as data breaches have been known to generate some large fines for companies.
Applying some other very straightforward security rules will help your workforce to play their part in doing this more effectively.
- Make sure to fully power off your computer every day so that the latest software updates and security patches are downloaded and installed.
- Change your passwords regularly and always use something unique. Do not use the word ‘password’ as your password. Strong passwords are 12 characters long, contain a mix of numbers, uppercase and lowercase letters and other characters, and cannot be easily guessed.
- Ask for permission and/or advice from your IT department when connecting devices like printers and phones to your computer, especially if they are personal devices.
- Always use a VPN if your company has one; don’t work outside of it.
- Make sure your home Wi-Fi password is as strong as possible. Never keep the factory-set password.
- When sending emails, be aware – spell check isn’t the last thing you should do! Always double check WHO you are sending to. Outlook has been known to auto-populate the ‘To’ field with the wrong email address if you are typing fast and not watching carefully. Double check the email addresses in the ‘To’ field before pressing send. The last thing you want to do is send confidential company information to the wrong person or, worse still, to an external company.
- Password protect and/or encrypt files where possible, but always make sure the recipient has the latest software version so they can open the file. Better still, use a protected shared internal drive or location for sharing sensitive files whenever possible. You can install dedicated software for locking folders and encrypting files – your IT department should advise you on whether this is necessary. However, if you are just concerned about a particular data set in a Word document or Excel spreadsheet, use the password protect options in the programme itself and then send the recipient a text with the password (e.g., in MS Word you just click File > Info > Protect Document).
- Phishing emails are on the rise since the pandemic began and are becoming increasingly difficult to spot. If you are in any way suspicious about an email, do not reply and do not open any attachments or click on any links. Most phishing emails will ask you to take an action so that they can extract information or install malware. If the purported sender is known to you, contact them via another method and ask them if they sent the email. Report any suspicious emails to your IT department as soon as possible, following the relevant steps set out in your organisation’s security policy.