About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years of experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is an expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Thursday, August 12, 2010

Home Office Security - Whose Responsibility?

So, you have the ability to work from the home office. It sounds like a great opportunity in many ways. Having the ability to work remotely for your company doesn't mean that you no longer have security or environment concerns. Those items are now YOUR responsibility as a teleworker. Do you know what you are responsible for?

Let me share a few items with you, but I would highly recommend you contact your manager for a teleworker guideline. Here are Scott's top items:

Security
  • Remote access from a company-owned device must be by secure VPN
  • You still need to practice password-protected screensavers and physical security
    • If you walk away from your computer, lock it. That will keep the kids or guests from using it or looking at it.
    • When you are done working for the day, turn the computer off and lock it up.
  • Company data is confidential. It is not to be shared with family and friends who happen to stop by for a visit. Don't leave sensitive data sitting on the kitchen table or end table. Put it away or shred it. Having a paper shredder in the home office and using it is good security for your company data and your personal data. Every home these days needs a shredder.
  • If you are using your personal computer for work, make sure you have:
    • Current anti-virus protection
    • Personal firewall - software or hardware
    • Wireless network locked down
    • Back up your files
    • I would have a folder on your computer to keep all work related information
  • I would also recommend you have a computer for work use, and a computer for the family
Environment
  • Make sure your work space is a comfortable space, functional and safe
  • Have a fire extinguisher in the home
  • Have a DR plan. If you are a full-time work-from-home employee and your home is no longer available, what is your DR plan? Power is out, what do you do? Network is down? Work out your plan now, document it and practice it.
  • Security Systems - if you have company sensitive information or data - how are you protecting it?  Are you responsible if it is lost or stolen?  Do you have a system to alarm on fire, break in, water, smoke?
  • Public exposure - Sensitive company information must not be read, discussed, or otherwise exposed in restaurants, on airplanes or trains, or in other public places. If you frequently need to work from public places, a privacy shield should be utilized for your laptop screen.
  • Telephone Discussions - Sensitive information must not be discussed on speaker phones unless all participating parties first acknowledge that no unauthorized persons are in close proximity.
  • I would track your expense(s) for tax purposes.
I propose to you that your home is your responsibility. Having the ability to work from the home office is a privilege, and security is your responsibility. Your employer is depending on you to ensure data protection and safe, secure computing. You need to be able to demonstrate your steps to ensure security and responsibility. I would also suggest that the security measures you are putting in place for your employer will benefit you as well. Your own financial documents, personal documents and information need to be protected too, so take it seriously.

I would also take some time to check out the government readiness websites and know how to build a home DR plan, incident response, and family planning.  Important stuff. 

Security is EVERYONE's responsibility.

Scott Arnett
scott.arnett@charter.net
