Charity IT Security – Tips and Advice for working remotely
As most of us get used to life working at home, IT security can easily slip down our conscious priorities. Here are some tips and tricks on how you can help to ensure working from home is done securely, and what we all need to think about to ensure that confidential information remains protected.
Beware of fake emails using the COVID-19 virus
Attackers are already preying on the fears of COVID-19 using phishing attacks setup by opportunists to use the COVID-19 virus to trick individuals into clicking on malicious links, knowlng that they are likely to be effective as people are eager to hear the latest news. It is really important to remain vigilant at this time and continue to remember not to click on links or open attachments in emails unless you are sure that you know what they are and who they came from.
Using home computers
When working from home, especially if you are using personal computers, laptops or tablets, some of the usual IT Security mechanisms that protect data in the office may not be in place. We are less likely to be as aware of IT Security when we are not in our usual working environment, so our guards can drop too.
Here are some useful tips;
- Password All home computers should be set up to use an account that has a password to access work data. This account should not be an administrator account, and should be separate from other accounts used by other family members. You can see how to do this in Windows 7 and Windows 10.
- Make sure that access to the computer is through a good password that is at least 12 characters long, and your account isn’t shared with your children!
- When logging into any work systems from a home device, ensure that you do not save your password if your web browser offers to save it, otherwise you leave a copy of your password on your computer.
- Windows Updates Make sure that Windows updates are installed! Keeping your computer up to date is very important, especially at the moment. Here is how for Windows 7 and Windows 10.
- Wifi Password Your home Wi-Fi must also have a good password and should never use the default password that it came with, as it could allow attackers to access your information. Your Internet Service Provider can help you change it.
- Anti-Virus Software If using a personal computer for work, it must have anti-virus which is updated on a daily basis. If you are using Windows then Microsoft Defender should be running by default, but please check to ensure that it is enabled. (Click on the Start Menu and search for Windows Security). If using a Mac and you don’t have Anti-Virus software installed you can download Avira.
- Screen Lockout should be applied after 5 minutes of inactivity to prevent potential child / pet keyboard accidents or any other unauthorised access to information. This can be done from your keyboard very easily by pressing the Windows button + L, or amending the screen timeout settings to ensure the screen lockout happens after 5 minutes of inactivity.
Working with personal or other confidential information
- Don’t save work locally If you are working from your home device, do not save any work locally to that device and instead only store this data on company drives such as in Teams, on SharePoint or your company shared drive.
- Think before you forward emails It is important not to forward work emails with personal, sensitive or otherwise confidential data to your personal email address. It is really critical that this information always remains within the organisations systems.
- Don’t print unless really necessary As much as possible you should refrain from printing confidential information and if it is absolutely necessary, it must be disposed of appropriately by shredding if possible or otherwise cutting the document into many pieces.
Continue to report incidents
During this time of alternative working arrangements, it is important that you continue to report any incidents that occur to your manager and IT department. These Incident Reports help each organisation to better understand the risks of remote working and put in place the right measures to respond to any risks identified. If you think you might have accidentally shared data with the wrong person, or clicked on something you were not sure about, let IT know just to be on the safe side.
Smartdesc are offering any charities or non-profit organisations time with one of their highly experienced, charity focussed, Virtual IT Directors – free of charge during this time. They will be happy to answer any questions you may have or help guide organisations on the right path.
To get in contact, email; firstname.lastname@example.org
About the Author
James Field is Customer Strategy Director at Smartdesc, an independent IT Services Provider to the charity and non-profit sector, an ACEVO Premium Partner and NCVO Trusted Supplier.