What Security Measures you have taken?

Hey All!
Many of you have already worked from home and some are still doing it.
Working from home is a tough ask for companies that have never adopted this culture in years, but due to this pandemic they have to adopt it for their own existence and to compete.
This WFH has led to many security concerns and has led us to think over the security measures that are necessary to take.
But above all, the most crucial part is how to avoid leaking the documents, PDF and zip files and folders that we share on platforms like Skype or Zoom.
Because these platforms are very vulnerable to hackers and confidential documents can even land in their hands.
So is there a way to avoid such risks?
Most companies are not security-centric and they don't know much about the security protocols and SOPs to follow while working from home.

So anybody out there who is currently working from home and has adopted some standards of work, please share.
Thanks in advance
 
I used to work for an international outfit with a presence in some 135 countries. Many moons ago, it was telex, pactor (a system to send and receive digital information via radio), fax, and phone. In the internet era, they created a dedicated intranet, a network for the exclusive use of the organization and its associates. Now that working from home is becoming widespread, I suppose that many companies will follow suit. Today, I am simply following the advice of IT experts in using original software only, and I update it religiously. Perhaps it would be a good idea to subscribe to a VPN service, but I haven't looked into it yet.
 
Work-wise, I am embracing this new Corona normal. My current company and all previous ones always insisted on presence in the offices. I work in the software industry; the work can be done from anywhere as long as I am connected. There was always double talk: “we are a liberal and tolerant working environment” and “you must be here during working hours, or submit a request which we process...”. Now I can work from home, a cafe, a co-working space or anywhere of my choosing. Oftentimes I find myself going to the office willingly, to chat with colleagues and have free coffee lol. Don’t know if this answers OP’s question, but I hope this new normal is here to stay.
 
I use my organization’s approved teleconferencing software. And am always logged into the VPN. Very little can be done if I’m not on the VPN. For file transferring, it either gets encrypted if sensitive for email or through the org’s internal file sharing service.
 
You can use protonmail for encrypted end-to-end emails if both sender and receiver are on protonmail. You can attach files to protonmail emails. Basic account is free (has a limit on storage capacity). Pay to upgrade for more capacity and features.

Edit: they also provide VPN
 
The company must provide a laptop with their IT-authorized software installed and with a user login with less than administrator rights. All upgrades are done via IT as well.
VPN with multi-level authorization is also the norm.
And every user must go through Internet and email security training.

I had a laptop like this from one client company in 2019. And my current job is with 85% working from home; each of those has had a company laptop since February. It is a couple of thousand or so.
 
I'm retired now, but worked from home about 30-40% of the time in my last career gig as a technical writer, documenting new products.

I'd never use Zoom or Skype to move documents around unless the company I was working for had authorized use of these things and had set up the security systems for their use. That would have to include end-to-end, bidirectional data encryption.

My company provided a VPN login from my home to the in-house network. That was the network I used whenever I was working from home and doing any file transfer of sensitive information. I used the tools they provided for teleconferencing, virtual meetings, etc, over their VPN network channel.

In addition, ALL of my work for the company was done on their provided laptop computer ... not any of my personal computing systems ... which was equipped with encrypted storage devices to protect against data theft in the unusual circumstance that anyone else might get access to it in my absence.

To the best of my knowledge, no secure data I was involved with was ever leaked from my systems.

G
 
Well, I forgot to mention that I am already using dedicated servers provided by my office to access office resources, and yes, we have also put different SOPs in place for communication over such platforms.
As communication is not encrypted but files can be, we place passwords on documents and folders before sharing them, so if they get leaked, then it might not harm us, as decryption of those keys is quite a difficult procedure and only professionals can access them.
Plus we are also using LastPass for password sharing, so passwords can't be leaked.
But I am a bit worried about the zip files, as there are certain files and folders that take more space, so we share them by converting them to zip files and password protect them by using the procedure provided in this guide on how to password protect a zip file, but are these only methods reliable?
Or is there any other alternative way to send big data encrypted?
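
An added example for the zip question above (not part of any post in this thread): "password protected" zip entries use either the legacy ZipCrypto scheme, which is weak against known-plaintext attacks, or AES (compression method 99), and in both cases the entry names stay readable without the password. The sketch below, with hypothetical function names and a constructed sample archive, checks which case each entry in an archive falls into before it is shared.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1   # general-purpose flag bit 0: entry is encrypted
AES_METHOD = 99        # compression method 99 marks WinZip AES (AE-x)
CDIR_SIG = b"PK\x01\x02"   # central-directory file header signature


def audit_zip(data: bytes) -> dict:
    """Map each entry name to 'plaintext', 'zipcrypto' or 'aes'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():   # names are listed without any password
            if not info.flag_bits & ENCRYPTED_FLAG:
                report[info.filename] = "plaintext"
            elif info.compress_type == AES_METHOD:
                report[info.filename] = "aes"
            else:
                report[info.filename] = "zipcrypto"
    return report


def safe_to_send(data: bytes) -> bool:
    """True only if the archive is non-empty and every entry is AES-encrypted."""
    report = audit_zip(data)
    return bool(report) and all(kind == "aes" for kind in report.values())


def build_sample() -> bytes:
    """Constructed sample: a plain zip whose central-directory headers are
    patched so two entries are marked as ZipCrypto and AES. Only the
    metadata is patched; the contents are not actually encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("plain.txt", "legacy.pdf", "aes.docx"):
            entry = zipfile.ZipInfo(name, date_time=(2020, 4, 14, 0, 0, 0))
            zf.writestr(entry, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    marks = {b"legacy.pdf": (ENCRYPTED_FLAG, 0),
             b"aes.docx": (ENCRYPTED_FLAG, AES_METHOD)}
    pos = raw.find(CDIR_SIG)
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        name = bytes(raw[pos + 46:pos + 46 + name_len])
        if name in marks:   # flags at offset 8, method at offset 10
            struct.pack_into("<HH", raw, pos + 8, *marks[name])
        pos = raw.find(CDIR_SIG, pos + 46)
    return bytes(raw)
```
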
 
Possible answer to your question: be diligent.

What about Alexa?

Is the camera on your electronic device always off? Are you sure? What about your t.v.? Smart devices in your home? Let’s look in your car.

What about tracking?

Cookies on your computer?

Do you know how much unsecured information there is on the www about you and me?

Are you participating on social media sites like this one? They’re looking at your movements you make with your computer. Facebook? How is it you can look at something on a web site then see teaser ads someplace else? Do you participate with places like Pinterest and photography forums and sites to show off your photographs?

Interesting read:

https://en.m.wikipedia.org/wiki/Frank_Abagnale
 
...
Because these platforms are very vulnerable to hackers and confidential documents can even land in their hands. So is there a way to avoid such risks?
Most companies are not security-centric and they don't know much about the security protocols and SOPs to follow while working from home.

So anybody out there who is currently working from home and has adopted some standards of work, please share.
...

First - The fact is interception of documents (PDFs, etc.) rarely occurs during transit between sender and receiver (link). An exception could be a hacker who is specifically hired to attack your company. When someone does decide to focus on stealing your documents, they probably won't intercept email. Gmail has a confidential mode that password protects and enables an expiration date for email attachments. However, the attachments are not encrypted. Other mail systems offer similar protections.

Second - Almost all data security breaches are from attacks on the sender's or receiver's computer before or after documents are mailed. It is more efficient to silently steal everything and sort out what is useful.

The most effective strategy is for employees to use secure devices at home (desktops, laptops, phones, tablets and WiFi routers). All firmware and OS, application and App software should be current. Users should use effective password procedures. This is easy to say and hard to achieve.

To avoid managing and monitoring a large number of diverse hardware and software configurations, some companies use Chromebooks. Chromebooks cost between $250 and $400. Chrome OS is a Linux-based OS that is limited to the Google Chrome browser with a few simple additional functionalities. Chromebooks cannot be hacked directly because they only talk to a server. Nothing is retained on a Chromebook longer than it is needed for the task at hand. Unfortunately, if a company does not use browser-based applications, Chromebooks are less useful.

Work group solutions like Zoom are only as secure as the developers make them. Using business products such as Microsoft Teams (and many others) has greatly reduced risk compared to less expensive solutions.

The best way to spend security resources is training employees how to be secure on-line. Human behavior is the weakest link. How many people use WiFi browsers where the access credentials were never changed from the admin/administrator factory defaults? Things such as this are much more common than intercepting email attachments. People should not use home business devices for personal use. When we had to wire money to purchase and sell homes in 2015, I asked an IT risk expert how to minimize the risks for wire transfer theft. I was surprised when he responded, "Well, if an employee at the closing office has not been visiting Russian porn sites, there is almost no risk. But right now many of these sites are being used to distribute very effective malware to empty out wire transfer accounts."

PS

People, please don't bother responding with ad-hoc opinions about Google. Despite fear and loathing for Google, Apple, Microsoft etc., these companies are used by large corporations and institutions who are regulated and audited by government agencies. Google is no more evil or untrustworthy than any other vendor. But Google (and others) is (are) large enough to build and maintain secure platforms. Google is not interested in your documents because Google does not make money stealing proprietary information from customers. I realize Google does harvest and sell demographic information used for marketing.
 