All Articles

These Information Security Tips when Working from Home are posted on behalf of Bhushan Deo, CISO for Thermax Limited. 

Connection & Access

1. Avoid connecting to unsecured Wi-Fi / networks for internet.
2. Use only company provided VPN / Citrix connection. Avoid use of any other utility for accessing applications / data.
3. Check & ensure latest antivirus updates on our laptop regularly.
4. Strictly avoid sharing our usernames and passwords to others.

 Data sharing & Collaboration

1. Adopt all proper & sensible precautions when handling Company data.
2. Save & share data from Company O365 One Drive.
3. Use Company O365 Teams to conduct meetings, to share information, screens etc.
4. Avoid use of social media like WhatsApp while discussing / sharing sensitive business information.
5. Do not give PRINTs at default printer of office, where the print-out may remain unattended (in absence of secure print) & may be misused.
6. Ensure adequate security provisions of your mobile phones to protect Company information being accessed.
7. Ensure that Company confidential information is not shared with unauthorised users, vendors, family, friends or members of the public.

 Phishing Emails and Websites

1. Strictly avoid opening e-mails, URLs & file attachments received from unsolicited or unreliable sources.
2. Fake emails are sent by hackers about Corona virus. Do not open such mails / URLs / attachments. Forward suspicious mails to _____ ID
3. Also avoid the use of various maps / graphics showing the spread of Corona. There are incidents of computer hacking through them.

 Physical protection

1. Avoid eating or drinking in the vicinity of our laptops / computers.
2. Avoid exposing the laptop / computer to sudden impacts or shocks, humidity, sunlight, water etc.
3. Do not repair, configure or change of system settings of the laptop / computer. Report to IT.
4. Lock laptop / computer screen when left unattended, to prevent alteration / deletion of data.
5. Ensure the physical protection of our laptops / computers.

 Other important points

1.  Do not install any software on any Company computer. Do not download / copy any type of unauthorised / pirated software.
2. Do not access Internet sites containing foul / obscene / illegal / unethical / adult / violence / rumours related content from Company computers
3. Do not use external, web-based e-mail services (e.g. gmail.com, yahoo.com, hotmail.com) for Company business communication.
4. Ensure to have written approval from Business authorities, prior to transferring the business information to anyone.
5. Do not copy Business data on removable media like USB storage.
6. Do not access others’ emails directly by using their passwords.
7. IT continuously monitors the technical & security usage of the IT Resources, to prevent & correct any performance issues & any misuse.
8. If you come across any misuse of Company information / asset, then bring to the notice of our business authorities, Functional Risk Officer (FRO), IT & HR; or mail to _____ email ID.
9. Use our IT resources in a legal, ethical & responsible manner. Do not use them for unauthorised commercial activities or unauthorised personal gain.
10. Report the Security incidents through IT tool / sending mail to _____ email ID.

P.s: Some details are gathered from our ISMS ISO 27001 policies