If you’re working on a client site, then in addition to obeying their rules and policies on information security, here are Secure Thinking’s 10 Client Site InfoSec rules you should employ to keep yourself and your information safe and to protect the client.
1. Never leave equipment unattended
Laptops, phones, disks, memory sticks etc., should be taken with you, locked away securely or, in the case of laptops, locked to something solid with a Kensington style lock if they have to be left unattended.
2. Use encryption
Encrypt laptops, external disk drives and USB sticks to protect the data on them whilst on the move. This will help to protect your data should you lose an item of equipment or should it be deliberately targeted.
3. Operate a clear desk policy
Even if the client doesn’t operate a clear desk policy, you should. Never leave papers or other media on unattended desks. Lock it away or carry it with you.
4. Leave sensitive information where it belongs
Don’t carry sensitive information in bags, briefcases or laptop cases unless it’s directly relevant to the work you’re engaged in. If you do carry sensitive information, keep it in a secure bag and don’t leave the bag unattended.
5. Never send unencrypted data or emails over public or client wi-fi networks
Just because your client trusts their wi-fi network doesn’t mean you should. Only send non-sensitive information over non-secure networks.
6. Never directly connect to client networks
Unless it is essential for your role, never directly connect your systems to their network. This is to protect them and you! You don’t know their network is secure and virus free, and they don’t know your system is.
7. Always lock your screen
When not working on your computer or laptop make sure it is locked and set a low timeout value for the automated screen lock. This helps to prevent your system being accessed should you become distracted.
8. Only work on that client’s data
Never work on another client’s data while on-site at a different client. There are a whole host of potential legal and regulatory issues you could be opening yourself up to and you’ve no idea who might be interested in snooping over your shoulder.
9. Keep your equipment up-to-date and secure
I know it’s a common one, but you should ensure your Anti-Virus, Anti-Spyware, Operating System and the other software packages you use are patched up-to-date. You should also disable all unnecessary applications and services, and have your firewall enabled.
10. Don’t use removable media
Unless it’s essential to your work, don’t use removable media to transfer data between your system and client systems. If you do have to use a USB stick or other device, ensure you have auto-run functionality disabled (preferably on both systems) and ensure the device is virus scanned at both ends. Use a brand-new device where possible and encrypt it if it’s practical.
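A read-only posture check for rules 2, 7, 9 and 10, added here as an example and not part of the original post. It assumes a Windows 10/11 laptop with Defender and the BitLocker module, run from an elevated prompt; the 10-minute lock timeout and 3-day signature age are this example's own thresholds, not the post's.

```powershell
# Added example: self-audit of the technical controls behind rules 2, 7, 9 and 10.
# Assumes Windows 10/11 with Defender and the BitLocker module; run elevated.
$results = @()
function Add-Check([string]$Rule, [string]$Name, [bool]$Pass, [string]$Detail) {
    $script:results += [pscustomobject]@{ Rule = $Rule; Check = $Name; Pass = $Pass; Detail = $Detail }
}

# Rule 2: system drive encrypted and BitLocker protection actually switched on
try {
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Check '2' 'System drive encrypted' ($bl.ProtectionStatus -eq 'On') "ProtectionStatus=$($bl.ProtectionStatus)"
} catch { Add-Check '2' 'System drive encrypted' $false "BitLocker check failed: $($_.Exception.Message)" }

# Rule 7: screen saver active, password-protected, and idle timeout at most 10 minutes (example threshold)
$desk = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$secure = ($desk.ScreenSaveActive -eq '1') -and ($desk.ScreenSaverIsSecure -eq '1')
$timeout = if ($desk.ScreenSaveTimeOut) { [int]$desk.ScreenSaveTimeOut } else { 0 }
Add-Check '7' 'Screen lock on idle' ($secure -and $timeout -gt 0 -and $timeout -le 600) "secure=$secure timeout=${timeout}s"

# Rule 9: real-time AV on with fresh signatures, and the firewall enabled on every profile
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
Add-Check '9' 'AV real-time protection' ([bool]$mp.RealTimeProtectionEnabled) "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
Add-Check '9' 'AV signatures < 3 days old' ($mp -and $mp.AntivirusSignatureAge -lt 3) "age=$($mp.AntivirusSignatureAge) days"
$off = Get-NetFirewallProfile | Where-Object { [string]$_.Enabled -ne 'True' } | Select-Object -ExpandProperty Name
Add-Check '9' 'Firewall on all profiles' (-not $off) ("disabled profiles: " + ($off -join ', '))

# Rule 10: AutoRun disabled for every drive type (NoDriveTypeAutoRun = 0xFF) in machine or user policy
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorunOff = $false
foreach ($k in $keys) {
    $v = (Get-ItemProperty $k -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($v -eq 255) { $autorunOff = $true }
}
Add-Check '10' 'AutoRun disabled' $autorunOff "NoDriveTypeAutoRun=0xFF found: $autorunOff"

$results | Format-Table -AutoSize
# Non-zero exit so a logon script or scheduled task can flag a laptop that fails any check
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

Group Policy can set the screen saver and AutoRun values under the Policies hives instead of the keys read here, so a machine managed by policy may need those paths checked as well.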