Welcome to the SecAware blog

I spy with my beady eye ...

1 May 2019

NBlog May - Security awareness for off-site workers

Hot off the NoticeBored production line comes May's security awareness and training module about working off-site.

The 69th topic in our portfolio was inspired by a subscriber asking for something on home working.

It ended up covering not just working at home but the information risk and security implications of working on the road (digital nomads), in hotels, on supplier or customer sites and so forth, touching on online collaboration and other related areas along the way.

Module #193 is 95% brand new, prepared from scratch during April and blended-in with a little updated content recycled from previous modules on workplace security and portable ICT security, plugging the gap, as it were.

I'm proud of the guideline (item #04), part of the staff awareness stream. At 16 pages, it is lengthier than normal due to the sheer variety. With the odd touch of humor and stacks of pragmatic security tips for home and mobile workers, it would make a neat little awareness booklet or eDoc for people to leaf through as they wait for planes and buses, or “work” in front of the TV. It's a good read.

The module's management stream has quite a bit to say about achieving balance. There are clearly business and personal benefits to working off-site, provided the associated risks and costs are managed and kept in check. Compliance is particularly challenging as the workforce escapes the confines of the office, powerful ICT devices in hand, dispersing valuable yet vulnerable information assets across the globe. Resilience and flexibility are substantial plus-points.

Extending the working day or week can increase productivity to a point, beyond which over-stressed workers (staff and management!) plummet toward exhaustion and burn-out. In strategic terms, senior management has to make the right choices in order for the organization to reach the peak but not overdo it - and, for that matter, so do individual workers. Just because we can stay constantly in-touch doesn't mean we have to. There are further strategic and governance implications of the evolving nature of work, hence quite a bit of sociology in May's module.

The professional/specialist awareness materials get further into the IT or cyber security aspects such as security administration of mobile devices. Recent news about the discovery of exploitable flaws in WPA3 has risk implications for mobile workers using Wi-Fi, particularly in potentially hostile environments such as busy shopping areas, stations and cafes. On the other hand, anyone who has followed the sorry tale of Wi-Fi security woes since the beginning should not be surprised. WEP, WPA and WPA2 have their vulnerabilities too, as do Bluetooth, cellular networks, Ethernet and the rest.

If off-site working is becoming or has become the norm for your organization, let's tease out and tackle the associated information risks through creative security awareness and training materials, helping you strike the balance between risk and opportunity, pain and gain. Over to you!

No comments:

Post a Comment