30.03.2020

Following an information security policy will also secure remote work

Remote work makes it possible to save time from commuting, do attention-demanding work without the distractions of the office, and to have some variation in everyday work. There are downsides as well, and even risks related to technology and information security. Those are, however, more associated with the employees’ or the employer’s thoughtlessness than with the working environment.

“At home, it is more likely to stick into the computer a USB memory stick or other device that does not belong there”, the Technology Director of Mtech, Tuomas Loponen, gives an example. You can only connect work-related devices, he specifies. Other devices create an information security hazard.

Use of cloud services may grow with expanding remote work. There is an information security risk associated with them when compared with saving locations on the employer’s servers. Cloud services are easy to use, but web attackers also have an easier access to them when they do not need to bypass the internal network in the company.

“Cloud services need a multi-step authentication system”, says Loponen. There are three different ways to authenticate a user. The first way is to require something the user knows, such as a password. The second way makes use of a thing that belongs to the user, such as a mobile phone where you can send an SMS code. The third way is based on a trait of the user such as a fingerprint or facial features. With multi-step authentication, more than one of these is used, for example a login – password and a fingerprint.

Data security risks can be minimised by having information security guidelines in the company, and following them both in the office and at home. “It is crucial that a company has an information security policy, and that those who work from home commit themselves to follow it”, Loponen wraps up.

Also, the physical security measures are often worse in homes than at the workplace, e.g. burglar alarms are not as frequently seen in private houses as in offices. For information security, it is important to lock the computer during breaks and to switch it off when it is not in use. If the computer is stolen the thief will not be able to access the data without the hard disk security code, login and password. Even if a thief takes your computer your data is still safe.

”If a specialist is unable to work for a few days, that is usually a greater financial loss than what the computer is worth”, says Loponen.

With a high workload on the networks, the home networks may break up easier than those in the office. Especially now that many remote working stations have small children puttering around, there is an increased risk of spilling juice or plasticine ending up in the keyboard. These risks cannot be avoided by company policy.