In recent weeks, numerous companies have sent their employees to work from home wherever possible. Their own four walls may protect them from the coronavirus, but not from data theft or misuse. Companies that had not previously established concrete guidelines and rules for home office work now often let their employees work with their private notebook, PC or smartphone. The security risk for these companies is therefore increasing significantly and is causing considerable agitation, particularly in IT departments, provided the company has one at all.

Minimum requirements for staff and IT

To avoid possible risks, companies should introduce a standard that includes certain minimum requirements for staff and IT. These include technical measures such as setting up a virtual private network (VPN) so that communication with the company network can only take place in encrypted form. Users should also be uniquely identified. Concrete measures such as the introduction of two-factor authentication (2FA) by means of TAN or SMS as well as extended password and login guidelines are a basic requirement. This also includes time restrictions such as automatic logout: users should be automatically logged out of the network after a certain period of time, or after a longer period without input, so that no unauthorised access takes place. Clear rules of conduct, such as locking doors and windows when leaving the office, should also be in place.

Compliance plays an important role

The legal framework also plays a major role in mobile working: for example, there should be clear guidelines and, if necessary, additional contractual agreements that regulate working in a home office. Topics such as working hours and work equipment, including terms of use, must be specified. Contracts for the use of mobile devices such as PCs, notebooks and telephones, including rules for returning them, should also be clearly defined. Other topics include liability and insurance during mobile working as well as a declaration of commitment to comply with data protection regulations.

Further consulting

Would you like a concrete review of whether the measures you have taken offer a sufficient level of protection or would you like us to accompany you in the introduction of IT security measures? We would be happy to provide you with a comprehensive consultation (also online). The long-term establishment of IT security standards and information security measures in your company should also be a goal worth pursuing. We will gladly accompany you in the introduction of security concepts and management systems. Please take a look at our concrete consulting offers in the area of IT security management and basic protection, information security management according to ISO 27001 as well as our general consulting in the area of IT security, data protection and compliance.