These Information Security Tips when Working from Home are posted on behalf of Bhushan Deo, CISO for Thermax Limited.
Connection & Access
- Avoid connecting to unsecured Wi-Fi / networks for internet.
- Use only company provided VPN / Citrix connection. Avoid use of any other utility for accessing applications / data.
- Check & ensure latest antivirus updates on our laptop regularly.
- Strictly avoid sharing our usernames and passwords to others.
Data sharing & Collaboration
- Adopt all proper & sensible precautions when handling Company data.
- Save & share data from Company O365 One Drive.
- Use Company O365 Teams to conduct meetings, to share information, screens etc.
- Avoid use of social media like WhatsApp while discussing / sharing sensitive business information.
- Do not give PRINTs at default printer of office, where the print-out may remain unattended (in absence of secure print) & may be misused.
- Ensure adequate security provisions of your mobile phones to protect Company information being accessed.
- Ensure that Company confidential information is not shared with unauthorised users, vendors, family, friends or members of the public.
Phishing Emails and Websites
- Strictly avoid opening e-mails, URLs & file attachments received from unsolicited or unreliable sources.
- Fake emails are sent by hackers about Corona virus. Do not open such mails / URLs / attachments. Forward suspicious mails to _____ ID
- Also avoid the use of various maps / graphics showing the spread of Corona. There are incidents of computer hacking through them.
- Avoid eating or drinking in the vicinity of our laptops / computers.
- Avoid exposing the laptop / computer to sudden impacts or shocks, humidity, sunlight, water etc.
- Do not repair, configure or change of system settings of the laptop / computer. Report to IT.
- Lock laptop / computer screen when left unattended, to prevent alteration / deletion of data.
- Ensure the physical protection of our laptops / computers.
Other important points
- Do not install any software on any Company computer. Do not download / copy any type of unauthorised / pirated software.
- Do not access Internet sites containing foul / obscene / illegal / unethical / adult / violence / rumours related content from Company computers
- Do not use external, web-based e-mail services (e.g. gmail.com, yahoo.com, hotmail.com) for Company business communication.
- Ensure to have written approval from Business authorities, prior to transferring the business information to anyone.
- Do not copy Business data on removable media like USB storage.
- Do not access others’ emails directly by using their passwords.
- IT continuously monitors the technical & security usage of the IT Resources, to prevent & correct any performance issues & any misuse.
- If you come across any misuse of Company information / asset, then bring to the notice of our business authorities, Functional Risk Officer (FRO), IT & HR; or mail to _____ email ID.
- Use our IT resources in a legal, ethical & responsible manner. Do not use them for unauthorised commercial activities or unauthorised personal gain.
- Report the Security incidents through IT tool / sending mail to _____ email ID.
P.s: Some details are gathered from our ISMS ISO 27001 policies