Welcome to the second edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to 17799 and related information security issues. The newsletter comprises a combination of inclusive articles and the identification of useful and topical sources on the web.
This edition covers:
COMPUTER SECURITY BEGINS AT HOME
Whilst everyone is aware of the importance of good information security measures in the office, these are often overlooked when an employee works from home, whether on a permanent or occasional basis. Dangers range from inadequate virus protection on a laptop or home computer, to the risk of confidential data being exposed to unauthorized users, or even a breach of the company's computer network if accessed remotely.
To counter these risks, there are a number of security measures which should be taken when working from home or off-site. For example:
- Treat company property and/or data as you would in the office, according to company information security procedures
- Ensure that laptops are kept secure at all times, and protect access with a strong authentication mechanism
- Do not use the same computer for both business and personal use; or, where this is not possible, store company data on a separate disk with secure access and protection
- Specifically protect all sensitive business documents stored on laptops or home computers
- Valid licenses must be obtained for any software used at home to avoid a breach of Software Licensing laws
- Ensure that adequate virus protection software is installed on any computers used at home
- When connecting remotely to an office network, consider the use of a dial-back facility for added security, and always investigate the reason for failed access (your username may already be in use by an unauthorized person)
- Do not allow a laptop issued for business purposes to be used by family or friends
This guidance is brought to you courtesy of the RUSecure Security Manual