Topic 2 | Data and Information Security Risks

Handling Security Breaches – Loss of a Laptop, Hacking, Losing Client Information

Staffing your business with remote workers brings a unique set of advantages, but also equally unique challenges. One of the most pressing is that the boss may not always be present when an emergency happens, and depending on the time zones the employees are in, it can take some time to notify the higher-ups, let alone formulate a plan of action.

Lost Laptop/Company Device

If an employee loses a company-issued laptop or device, immediate action is required, as this can compromise the company’s and possibly a third-party client’s data security. Such an event could also seriously derail any work in progress.

As a precaution, you can install tracking software on all such devices, use two-step log-in processes, and back up your files often.

For instance, the following is a good example of emergency protocols in this case:

  • Inform the manager/TL/IT Department ASAP;
  • Contact your IT Disaster Recovery Service Provider;
  • Use tracking software to wipe out/encrypt the hard drive;
  • Block account from accessing core company databases and other SaaS;
  • Freeze credit card/other financial activities that require account number/log-ins;
  • Inform clients or other people on your team if the loss will affect them;
  • Provide authorities with the said device’s registry details so it cannot be sold;
  • Get a new/temporary laptop and sync it with the company databases;
  • Conduct unit testing to verify the data on the new laptop.

If you lost client information in the process, inform your client right away so that they can change their access codes to any sensitive data. As a precaution, you may want to suggest two-factor authentication to prevent serious data breaches from such incidents in the future.

 

Hacked Accounts

These can be difficult to detect, but as with the previous item, the response must be swift to minimize or avoid disastrous consequences.

First, you need to inform and advise account administrators to temporarily block the email/user account and then immediately create a firewall between the user account and admin accounts. In the meantime, watch out for unusual activities, such as mass emails from the compromised account.

You should also be familiar with the limitations of your data privacy systems. Two-factor authentication and anti-keylogger software often perform better than password managers, since password managers are not effective if a keystroke logger is present.

Lastly, if you have teammates or employees, inform them immediately if you cannot log into your accounts so they can anticipate delays.

 

Viruses and Malware

These can come from accidentally falling prey to phishing sites, unwittingly opening suspicious attachments from known and unknown sources, and downloading or installing apps or software from unsafe sources.

Viruses and malware are not just inconvenient; they can be downright dangerous. Apart from potentially diminishing your device’s functionality and preventing you from carrying out crucial tasks effectively, they can also expose you and your client to serious security risks.

Phishing sites, for instance, look like legitimate websites, except that they ask for sensitive details like usernames and passwords. Due to increasingly sophisticated perpetrators, the sites and emails used can look more and more convincing, so constant vigilance is necessary.

There are quite a few telltale signs of a phishing site or email, and these include:

  • Several grammatical errors. If the email’s language does not sound refined or thorough, it is likely to be a scam.
  • Wrong domain names. When you open a phishing site, look at the URL. If it does not match the official website’s, it is a fake.
  • Strange requests. Banks and other similar entities will never verify your access codes via email or on the phone.
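
The domain check from the list above, written out as an added example (not part of the original course material). It compares the host a link really points to with the domain you expect; mybank.example and the sample links are constructed placeholders.

```javascript
// Added example: classify a link against the domain you expect to be visiting.
// OFFICIAL is a constructed placeholder, not a real organisation's domain.
const OFFICIAL = "mybank.example";

function checkLink(link, official = OFFICIAL) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // url.hostname is the host the browser actually connects to: anything
  // before "@" is dropped, case is folded, Unicode becomes punycode (xn--).
  const host = url.hostname.replace(/\.$/, "");
  if (url.username || url.password) {
    return { ok: false, reason: `text before "@" is not the host; real host is ${host}` };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: `punycode (non-ASCII) host ${host}` };
  }
  // Accept the official domain itself or a true subdomain (dot boundary).
  if (host === official || host.endsWith("." + official)) {
    return { ok: true, reason: `host ${host} belongs to ${official}` };
  }
  return { ok: false, reason: `host ${host} is not ${official}` };
}

// Constructed sample links, as they might appear in an email.
const SAMPLES = [
  "https://mybank.example/login",
  "https://secure.mybank.example/login",
  "https://mybank.example.account-verify.test/login",
  "https://mybank.example@account-verify.test/login",
  "https://mybank-example.test/login",
  "http://mybank.example/login",
];

for (const s of SAMPLES) {
  const r = checkLink(s);
  console.log(`${r.ok ? "OK     " : "SUSPECT"} ${s} -> ${r.reason}`);
}
```

Only the first two samples pass: in the others the official name appears somewhere in the link, but not as the host the browser would connect to.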

Another precaution is to install a good antivirus. This can alert you to suspicious websites and can even warn you against equally suspicious attachments.

Lastly, do not download or install programs from websites that are not secure. Double-check with your client if the link they provided does not point to a secure URL.

 

Keeping Commercial Information Confidential When Working From Home

In any workplace, confidential information such as customer lists, proprietary technology, business strategies, and service pricing are critical business assets that are prone to compromise if mishandled.

When you are assigned confidential documents, even at home, you need to follow these protocols:

  1. Proper labeling – Remember to segregate and label your files on your computer. Use a proper naming convention that can be recognized by the intended team members. Example (Confidential Info – NWD Corp Blueprints).
  2. Non-disclosure agreements – If you are asked to share documents with unauthorized personnel, you may want to request the person to sign a non-disclosure agreement (NDA). This provides transparency and imposes legal provisions on sharing confidential information.
  3. Reviewing Confidential Notes – If you receive an NDA or any confidential documents, make sure to clarify unclear provisions and terms and conditions on how to handle the documents.
  4. Monitor Access – Aside from limiting online access to your documents, make sure to check the user logs of people accessing your confidential folders.
  5. Deleting Files – Remember to remove all files once confidential documents expire or when you are told to delete the files by the company.

 

Securing devices at home or in a public workspace to protect confidential information is crucial. Remember these tips to keep your equipment safe.

  1. When you take breaks or leave your computer, always make it a habit to log out of your password-protected account.
  2. You may also set up two-factor authentication (2FA) if you want an additional layer of security.
  3. Have a separate flash drive or external hard disk for work and personal use.
  4. If possible, avoid sharing personal laptops or smart devices with family members or friends.
  5. Refrain from sharing confidential information with your family and friends.

 

Handling Confidential Documents when Leaving Work

According to Stevenson (2018), you must preserve the privacy of your computer from your corporate office even in a remote job. It is important to clear your work-related devices whenever you decide to resign from your office.

Normally, you will be instructed by the IT and HR departments about this policy. Here are a few reminders on how to clean your personal computer and smart devices.

  1. If necessary, wipe your disk or memory card to remove corporate data, passwords, or work-indiscretions to eradicate additional liability in the future. This includes flash drives or external hard disks containing confidential information.
  2. Ask IT to deactivate your corporate email and switch ownership, especially of online documents assigned to you, to the office admin or your immediate superior.
  3. Uninstall any software or mobile applications that were shared by the company.
  4. Ask your IT personnel to ensure that your data is removed from the company's database. Most employees fail to ask their employers to remove their data when they leave a company.

It is best to seek assistance from your IT team if you have a hard time disposing of confidential files on your computer or smart device. Always ask the IT department to make a secondary check to ensure that any shared folders online are inaccessible to you.

 


Module Summary

Good job! You have completed this module.

You have learned to:

  • understand standard behavior in remote working
  • deal with workplace misconduct
  • recognize the repercussions of stealing client data
  • handle data and information security
  • secure confidential information when working from home and when connecting to public internet
  • deal with security breaches

Explore the next course to onboard yourself in Remote Staff, Inc. In the meantime, please take time to complete a quick evaluation to help us improve our design and content.