5 simple precautions to protect personal data outside the office

June 5, 2022

A recent article in the Times caught my eye. I was discussing the notion of “extreme jobs.” I think most of us can agree with the idea that there has been an inexorable increase in the pressure on us to always be available, working longer and longer hours and still prepared to answer a client’s or boss’s mobile phone call late at night, on weekends and even on holidays. Coupled with the ready availability of increasingly sophisticated mobile technology, it is inevitable that many of us will be taking our work home with us, or at least outside the security of the office environment.

For many of us, that means we’re taking sensitive information with us, and the consequences of losing that data could be catastrophic. One of my current assignments is preparing security training for colleagues working in a large public sector offering. We will be providing this training to highly skilled and experienced IT professionals, but looking around, I am reminded that what is obvious and necessary to a security specialist is often, at best, an annoying distraction to others. We all need to remember that the mishandling of confidential information can have serious contractual and even legal consequences for both an individual and their employer.

So, check out these 5 simple precautions to make sure you’re not the one in the headlines.

1: Pay attention to the physical security of your laptop while traveling: Any attempt to work outside the office almost inevitably means carrying a laptop, loaded with project data (including sensitive business and even personal data) on the go. No matter how you travel, it’s bound to present plenty of opportunities for your laptop to get lost or stolen. It’s fair to assume that, in general, the motive for the theft is to sell the laptop in the future, rather than a concerted attempt to obtain the data stored on it. However, you must take reasonable care not to advertise that you could be a valuable target. For example, do not use your company pass outside the building. The risk is higher when you have to leave the laptop unattended:

  • While driving, keep your laptop out of sight, in the trunk of your car.
  • When staying in a hotel, keep your laptop in a safe, if one is provided in your room.
  • When using the notebook in a public place, secure the notebook with a Kensington lock.

2: Use full disk encryption to protect your data: If your laptop is lost or stolen, the cost to replace the hardware is relatively low, and you’re still insured, right? The real cost of the incident is the loss or disclosure of confidential information stored on the laptop. To protect against this, you should install full disk encryption software. This ensures that all data on the laptop’s drive is encrypted when the laptop is powered off. Only when the laptop is powered on and the authorized user completes pre-boot authentication is the data on the drive decrypted and available for use. Commercial software is available through several popular providers, including PGP and DESlock. You should be aware that unless you are careful, even the authorized user may not be able to decrypt the data on the disk. You must ensure that:

  • You run the operating system’s disk maintenance utilities to defragment the disk and to check for and mark any bad areas on the disk;
  • You make a full backup of your disk volumes before installing the encryption software;
  • The installation process will give you the opportunity to create emergency recovery information: be sure to write this ERI to a CD or other removable media and keep it in a safe place;
  • More importantly, the encryption software only takes effect when the laptop is turned off or in hibernation. You should never travel with your laptop on standby.

3: Protect yourself from eavesdropping when working in public places: One of my favorite tech commentators is Peter Cochrane, who writes a regular column for Silicon.com. Earlier this year, Peter reported how easy it was to collect sensitive information from fellow passengers on the train. Anyone who regularly travels on commuter rail services will be familiar with indiscreet conversations and (what’s worse) one-sided phone conversations, which provide far more sensitive information than they should.

Resist the urge to discuss sensitive matters in public places, and try to keep mobile phone calls to a minimum until you can find a more private place. Let’s go back to Peter Cochrane again. During his frequent plane rides, he noticed people using mobile phones to photograph other people’s laptop screens. His blog shows how it’s possible (with enough patience and a bit of experimentation) to get a reasonable image of someone’s laptop screen. This situation is easily remedied at a modest outlay, through the use of a privacy screen. These hook over the laptop screen and make it impossible to read the screen unless you are directly facing it. These screens work the same way as polarized sunglasses: make sure they are placed correctly.

4: If you must use removable media, be especially careful: It is almost an immutable law of nature that if you copy sensitive data to removable media, eventually that media will be lost. The simplest remedy, of course, is to not use removable media. My current employer prohibits the use of these devices on public sector projects, and at one point at least one UK government department filled laptop USB ports with superglue, just to be absolutely sure. Of course, a blanket ban isn’t always practical, so if you need to use a memory card, removable drive, or the like, here are a few suggestions:

  • Never allow the use of personal removable devices – you have no idea how or where they have been used before or will be used next.
  • Have a set of memory sticks for your project, clearly marked and with some kind of unique identifier. Have team members check them in and check them out (with a signature) when they need them and ensure that lost or expired devices always receive immediate follow-up.
  • Always encrypt the device. As we discussed earlier in this article, the use of full disk encryption when dealing with sensitive information is absolutely vital. So if everyone on your team has the capability, it’s crazy not to use it for removable devices as well.
  • It is worth the effort to select only the minimum amount of data to copy to the removable media. It may be faster to export the entire contents of a database, but you should do everything in your power to limit potential loss.

5: Always use a secure connection over public networks: Finally, when you’re out of the office and need to work, take care to secure your communications. Assume that all networks (in hotels or other public spaces, at customer sites, and even at home) are hostile. Always use a virtual private network (VPN) connection to encrypt all your traffic when connecting to your organization’s intranet from outside, and never use a public computer or your home computer to connect to the intranet.

So, to summarize, a combination of careful procedural precautions, along with a few simple and inexpensive technical additions, can go a long way toward controlling the risks of taking sensitive information outside of the normal office environment. These measures may be a bit inconvenient, but they will go a long way in ensuring that you are not held responsible for a data loss, resulting in massive reputational damage, lost contracts, and potentially huge fines for your employer.
