|
1. Use secure networks and protect all your devices and documents
|
|
Use the VPN (Virtual Private Network) provided by your company to connect to the corporate network in a secure way and to perform your tasks
|
|
|
Whenever possible, avoid being connected to the company network while you are connected to other networks
|
|
|
Reduce information extraction from corporate systems to the essential
|
|
|
Reduce sharing corporate documents to the strictly necessary, using means that were previously defined by the organization for such purpose
|
|
|
Avoid copying corporate files to USB drives and external drives
|
|
|
Do data backups, according to the guidelines defined in your organization’s backup policy
|
|
|
2. Keep your passwords, software, and devices secure and up to date
|
|
|
Create robust passwords, according to the security policy, avoid disclosing and reusing them, and update them regularly
|
|
|
Always use the devices that were provided or certified by your company to work and do not share them with third parties
|
|
|
Keep your security software (anti-malware, firewall, among others) and the applications you need always updated and aligned with the effective corporate practices and security policies
|
|
|
Be defensive in security terms, by making sure that:
|
|
|
a) You separate personal and professional information
|
|
|
b) You do not install unauthorized software or software that is not for professional purposes on your work devices
|
|
|
3. Have meetings in a secure way
|
|
|
Chose places where you can make professional calls without taking the risk of sharing confidential information with third parties
|
|
|
Make sure that you have a simple background with no personal or family references in case you need to make videocalls
|
|
|
Lock your sessions and put functionalities such as the camera or microphone on stand-by or turn them off whenever they are not being used
|
|
|
Avoid leaving work devices unlocked, especially when you are sharing the room with children
|
|
|
4. Be careful when dealing with unsolicited e-mai
|
|
|
Resist the urge to open unsolicited e-mails, even when they appear to include useful information about the COVID-19 outbreak
|
|
|
Do not access links or websites, and do not open or download attachments of unsolicited communications. Many attackers have been using the pandemic to spread malware
|
|
|
Make sure that you have the contacts of the IT/Security team of your organization to whom you must report suspicious behaviours or situations and ask for instructions or clarifications in case of doubt
|
|
|
5. Use trustworthy applications and information sources only
|
|
|
Do not install any application that isn’t trustworthy or isn’t included in the official manufacturer stores (Google Play and AppStore) in your devices
|
|
|
Be aware that attackers can use the COVID-10 outbreak to convince users to install malware in professional and personal equipment
|
|
|
Use trustworthy information sources, such as the WHO and DGS websites, whenever you need to get information about the virus and avoid unsecured, potentially dangerous websites
|
|
|
|
|
