activated, which protects any data on the
device if it gets stolen; protection means
that you start off with known security
software, such as antivirus, configured
in the way you want; and patching
means making sure that the user gets
as many security updates as possible
automatically, so they don’t get forgotten.
Remember that if you do suffer a data
breach, such as a lost laptop, you may
well need to disclose it to the data
protection regulator in your country.
If you want to be able to claim that you
took the right precautions, and thus
that the breach can be disregarded,
you’ll need to produce evidence – the
regulator won’t just take your word for it.
Make sure your users can
do what they need
If users genuinely can’t do their job
without access to server X or to system
Y, then there’s no point in sending them
off to work from home without access.
Make sure you have got your chosen
remote access solution working reliably
before expecting your users to adopt it.
If there are any differences between
what they might be used to and what
they are going to get, explain the
difference clearly – for example, if the
emails they receive on their phone will
be stripped of attachments, don’t leave
them to discover this on their own.
They’ll not only be annoyed but will
probably also try to make up their own
tricks for bypassing the problem, such
as asking colleagues to upload the files
to private accounts instead.
If you’re the user, try to be
understanding if there are things you
were able do in the office that you have
to manage without at home.
Make sure you can see what
your users are doing
Don’t just leave your users to their own
devices (literally or figuratively).
If you’ve set up automatic updating for
them, make sure you also have a way to
64 Issue 24 | www.intelligentciso.com