Articles

Security recommendations for using social media and company assets during remote work.

By August 15, 2022 No Comments
Capa

São Paulo/SP – August 15, 2022. Organizations need to raise awareness and train their teams to be proactive in protecting information and making the correct use of available platforms and assets provided by the company.

*By Victoria Silva

With the arrival of the new coronavirus pandemic, work regimes home office and hybrid work have become more popular. In recent years, more and more people have started working remotely from anywhere in the world.

Many organizations have already realized that it is possible to have quality in the result even if the team is not working in person at the office and saw that this can become a competitive differential, however, managers and employees needed to open up to test new possibilities of communication and collaboration.

Technology is directly related to every transformation we are experiencing and it must serve as a support for remote or hybrid work to really make sense, be productive, safe and healthy. Organizations need to raise awareness and train their teams to be proactive in protecting information and making the right use of available platforms and assets provided by the company.

A survey released in 2018 by the ICT household survey (IBGE), points out that the use of social networks increases every year, 7 out of 10 Brazilians are connected to the network. The data consider 181.1 million Brazilians aged 10 years and over. the report Digital in 2019, published by the companies We are Social and Hootsuite, found that 66% of the Brazilian population is active on social networks.

As the period is still careful and most companies follow the hybrid model or home office people stay connected longer and the tendency is to share everything all the time to have more interaction with our colleagues, but the greater the popularity, the greater the danger of falling into scams online committed by cybercriminals. Therefore, learning to surf safely is essential, as it is great to be able to share good results, especially when this is related to our professional business and it is extremely important that care is taken so that participation in social networks is something beneficial and not something that could be used against the individual or the company itself.

Recommendations:

For businesses:

  • Create a code of conduct;
  • Inform employees about the rules of access during working hours and the expected behavior, regarding the disclosure of professional information (confidential or not) and the issuance of opinions that may compromise the company;
  • Conduct awareness campaigns for employees, informing them about the risks of using social networks;
  • Invest in training;
  • Observing the opinion of customers and consumers or any action involving the company's name, so that it is able to take action in time to avoid any damage to the company's image.

For employees (employees and third parties):

For employees, the first step is to find out if your company has a code of ethics and conduct. In it you will find several guidelines on how your attitudes can contribute to the smooth running of the business and its performance. Then, follow some important safety tips, use of social media and company assets to help with everyday life at home:

What is not recommended:

  • Disclose any internal or confidential information of the company;
  • Publish photos on your social networks that contain internal information, such as: badge with name and registration number or forward emails containing messages received through electronic communication channels;
  • Use cups and mugs without lids that can be a great risk to the equipment provided by the company and used by you in your day to day work;
  • Avoid having meals at your work table;
  • Do not wait to return to the office to report that some equipment has been damaged.

What is recommended:

  • When taking a selfie or any other photo, check that there is no confidential information present in the frame;
  • Want to share your desktop on social media? Be careful with any internal information so that it is not disclosed, remember to check what is open on your notebook screen;
  • Attention to the use of e-mail, intranet, internet and other electronic communication channels so that messages or information, internal or external, are not disclosed;
  • Protecting and preserving the assets provided by the company is always important! Cell phones, notebooks and office supplies must be used for business purposes;
  • Give preference to bottles and cups with lids, always keeping them away from electronics so that there is no risk of getting the equipment wet;
  • If any equipment is damaged, notify your manager immediately.

Final considerations:

Companies and their employees need to pay special attention to confidential information and protection of their electronic devices, but they end up gaining the reduction in employee turnover, cost savings, flexible hours, etc.

Remote work is capable of incorporating all the pillars of information security, which does not mean that it is an easy process, after all, each of the pillars represents something that depends on a number of factors to work.

— Vitoria Silva is an Information Security Consultant at [SAFEWAY]

How can we help?

THE SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

today through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services, the Cybersecurity Health Check whose objective is to carry out a diagnosis of the CyberSecurity, Information Security and Data Privacy implemented in your company, contemplating the pillars of Law SuitPeople and Technology.

through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, existing controls and new controls evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!