« Takeovers -- Good for Growth But Bad for Security: Talking with Breach Security | Main | Does SaaS Stand for Software as a Security Lapse? »

Change is afoot at ebizQ, and I have been promoted to Managing Editor, which means my focus will change some, as I'll still be keeping an eye on the perils and payoffs in the security industry, but I'll also start covering what's going on in some of the other subjects ebizQ covers, you know, like SOA, and BPM, and BI, and how can we forget IDKEWTAIFBISILAC (that would be, I Don't Know Exactly What This Acronym is For But It Sure Is Long And Confusing).

And if you live across the pond in Britain, tomorrow, Friday, is 'National Work from Home Day,' which corresponds with the U.S. version, 'Live in Your Office Weekend,' and to make sure that your work from home is safe and secure, the fine fellows (I'm trying to sound British here) at WorkLight have come up the following tips. And the last thing I'm going to say about the U.S. penchant for overwork is, I've always liked this line: If you don't come in on Saturday, then don't even bother showing up on Sunday.

Again, the tips for working securely from home from Worklight follows:

1. Use an approved computer for working at home. This way, the company has verified that the necessary protections are in place (up to date virus protection, approved VPN tools, etc.). This will protect you from introducing malware into your company’s environment inadvertently and it will protect you from your company’s ire if “something goes wrong.”

2. Make sure everything is updated. Before you start working on your computer or laptop make sure you turn on your automatic updates for your applications as well as installing the latest anti-virus and anti-spyware software to make sure you and your personal information is also protected.

3. Never enter your username and password on a page you arrived at by clicking on a link in an email, IM message, third party web site or social networking site. These are the tools hackers use most often to steal passwords.

4. When entering your username and password on any site, always verify first that the URL in the browser’s address bar matches the URL of the site you (think) you are accessing. This is the best way to ensure your password won’t be intercepted by some evil-doer.

5. Set limits about what you are willing to expose about yourself when working online and remember the context of the interaction (business or personal). Be wary, since embarrassing or inappropriate information about yourself may appear in contexts that you did not expect. It is very difficult to “clean up” your profile later on.

6. Social networking sites and blogs are business tools, make sure you are using a safe environment for professional networking. Treat the network as a resource of valuable information, and tap into your colleagues’ expertise with the collaborative tools available on the network.

7. Secret is not secured. Some social networks, like Facebook, allow users to engage in private or secret groups. Although these forums take place away from the public eye, apt hackers can still crack open the discussion boards and access conversations, unless appropriate enterprise-grade safeguards have been put in place.

8. When adding RSS feeds to a feed reader, always prefer to use a link you got from the content provider’s web site rather than from any third party (an email, an IM, a link on a social networking site etc.) This improves the likelihood that the information you are seeing is what the content provider intended.

9. When accessing corporate applications from a web browser, use a separate browser instance, not just a new tab or a new window opened from the browser you are using to access public sites. This makes it more difficult for hackers to launch request forgery attacks that target your corporate systems.

10. When using public sites for work related tasks, be aware of the information you expose. Keep In mind, the search queries you run, the sites you visit, your web-based bookmarks and tags, the RSS feeds you've subscribed to and your social network connections are all potential sources for data leakage.

11. When using Web based collaboration tools, avoid exposing proprietary information. Even when communicating with colleagues, the information you provide can easily become accessible to unauthorized parties.

12. Familiarise yourself with your employer's acceptable use policy for employee blogs and social networks. Adhering to such policies will help avoid any unpleasant situations. If your employer hasn't published such policies, demand them.

13. Keep personal and business “digital assets” separate. As personal lives and business lives merge, it becomes increasing compelling to do personal tasks on work time. Be careful not to merge these two lives on your computer. Some tips - use business time for business and do not store personal files on your business computer (and vice versa).

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3430