Reducing cyber risks in the home office with knowledge and care

Björn Holeschak, Head of Data Protection, EIKONA Systems GmbH

Hardly a day goes by without the media warning about cyber attacks and cyber dangers, at work as well as in the smart home. Wherever end devices are connected to the internet, their users take risks. Nevertheless, the impression that home networks are like households, where the worst accidents happen at home, is deceptive. So where does the feeling come from that the risks are particularly great in the home office?

Data protection professionals have a reputation for wanting to ensure security by every conceivable means. That assessment does them an injustice, because their professional task is only to hold up a mirror to their clients’ handling of data worth protecting. In this way, they make an important contribution to protection against attacks by cyber criminals. In doing so, however, they naturally also focus on behaviour patterns that computer users themselves have not yet noticed and that are therefore so difficult to change: the so-called blind spot. Working on it is almost always an imposition and therefore unpleasant. Doing it nevertheless is essential to close security gaps, ward off attackers and thus reduce cyber risks.

This imposition becomes particularly great when the search for threats invades the space that means the greatest possible security for us: our own home. Yet it is precisely this sense of security that makes the expert’s scrutinising eye particularly necessary there. Where there is no suspicion, real danger is all too readily overlooked. What can be embarrassing in private life, apart from the financial consequences, may quickly threaten the existence of a business: cyber incidents and the loss of sensitive data, from personal data that is subject to special data protection regulations to trade secrets in which the future of the company lies hidden. Quite rightly, companies do not want to take this risk lightly; they want to prevent business interruptions and improve their overall threat situation.

A relationship known in psychology as toxic arises when the company’s legitimate need for protection is mixed with the fear of loss of control that often accompanies workers into homeworking. Conflict is then pre-programmed: who bears what responsibility, and what contribution must be made to safety, has to be laboriously negotiated. Much more objectivity would be possible here without the subliminal insinuation that employees lack the necessary care and diligence in their comfort zone anyway.

Mobile working: Cyber dangers are the same everywhere

In fact, the home office is nothing more than one of many possible mobile workplaces, and one that at least offers the opportunity to change some of the otherwise uncontrollable framework conditions. In this environment, there are no greater cyber dangers than when working on a train or plane, in a café or hotel, at trade fairs or congresses. Therefore, there are no greater requirements there to prevent security incidents. Responsibilities are accordingly divided equally: it is the employer’s responsibility to provide safe work equipment, and using it responsibly is the obligation of the employee. Knowledge of the existing risks and regular training form the bridge between these spheres of accountability, with a smooth transition from one to the other. The following aspects can be stated as rules of conduct:

  • Employers must provide their employees with secure technology.
  • Companies are responsible for data protection training.
  • Employees must consciously handle sensitive data.
  • Data connections to company networks should always be encrypted.
  • Operators must also effectively protect private wireless networks.

Those who uphold these responsibilities can easily ensure greater security via the technical and organisational framework and make it more difficult for hackers to do their work.

Basic rules reduce cyber dangers

The most important prerequisite for secure work in the home office is the awareness to exercise the same care in handling company data everywhere, even in the familiar and cosy home. This applies in particular to fraud attempts through social engineering, in which cyber criminals feign the identity of bosses and colleagues because quick queries “across the hall” are ruled out. It is therefore helpful if companies provide their employees with the basics for secure data processing in duty agreements for work in the home office. In any case, this includes a critical consideration of e-mails, websites, and persons with whom they exchange data. In addition, PCs and laptops should be equipped with up-to-date protection against ransomware, Trojans, viruses, and other malware, and all company accounts should be protected by secure passwords. Data connections with company networks should only be established from behind a firewall and should be encrypted at all times. External data carriers should never be used without being checked. Furthermore, there are organisational measures that the company must take: grant and restrict user rights according to the task at hand, and continuously carry out reliable data backups.

Maintain a healthy distrust of cyber dangers

Do not handle business secrets differently at home than in the office: that is the most important recommendation for secure work in the home office. This includes conversations at the dining table as well as in the presence of voice assistants such as Alexa, Bixby, Cortana, Google Assistant, Siri, and Co. However, the same applies in a crowded train, where even a business phone call can constitute a data protection breach, not to mention using a laptop without a privacy screen. Responsibility is not confined to one place, and cyber risks are no greater in the home office than elsewhere. That is why it is an important task of data protection officers or cyber security experts to focus on overly relaxed habits every now and then and thus prevent a rude awakening. Simple recommendations for the secure handling of important data are summarised in the “10 commandments of IT security”.

Björn Holeschak
Team Lead, Data Protection

Drawing on his profound data protection expertise, he tackles data protection challenges with renewed vigor every single day. He understands the dangers and stumbling blocks in intimate detail and gives customers practical advice.
