Cyber Security

Revolutionizing Cybersecurity for Remote Work and Digital Transformation

The Cybersecurity in remote work toolbox provides a simple framework to enhance your cybersecurity skills and increase your understanding of the importance of the cybersecurity routines.

Cyber security in remote work

Below you find:
    • Let’s talk about cybersecurity GUIDE pdf and video versions
    • Cybersecurity diary.
Lets_talk_about_cybersecurityLets_talk_about_cybersecurity
Cybersecurity diaryCybersecurity diary

Here you can find information about cybersecurity measure for remote work recruitment.
Read below or download pdf.

security

In a job interview

  • Find out how a person generally relates to cybersecurity.
  • Example questions for the recruiter:
  • How did you consider cybersecurity at your previous workplace?
  • How important do you think cybersecurity is?
  • Is cybersecurity important to you or do you prefer to leave it to
    the IT department?
  • What password practices do you have?
  • Do you know someone who has been the victim of a
    cybersecurity breach, and how do you feel about it?
  • Do you know someone who knows the person you are
    considering recruiting?
  • Check references

Worth considering in the social and health care sector

  • Staff in the social and health care sector are interested in caring
    for people, not IT systems.
  • However, if one out of two applicants says that data protection
    is important, this should be taken into account in the
    recruitment decision.
security

Once the person has been recruited

  • Ensure that people working remotely receive
    regular training.
  • The desire to learn is an important quality in all
    work, and in remote work it is really important
    to be curious and want to get to know things.
  • It is important that everyone stays up to date
    on cybersecurity issues (not just the IT
    department).

How can the employer support and engage their employees?

  • Attend a data security training together.
  • The employer should maintain motivation and engage the work community to minimize staff
    turnover (risk of information leakage)
  • Provide clear instructions to employees on how to take care of cyber hygiene.
  • Ensure that data security instructions are visible in the workplace (for example, a board on the wall).
  • Provide instructions on who to contact if an employee suspects they have been the victim of a
    cybersecurity incident.
  • Develop an action plan to support employees in the event of harassment on social media.
  • Develop guidelines for mobile work:
    * how to act with customers
    * on summer holiday trips, abroad, on trains, buses, airports

Cybersecurity review of your home office

  • How do you handle confidential documents?
  • Who hears your calls?
  • Do you do things other than work-related matters
    on the work computer?
  • Is the VPN turned on?

After employment

  • The employee promises on a signed form that the
    employer’s company information or customer
    information is not available on the home
    computer, in the cloud or on paper.
  • Ensure that the former employee does not have
    user credentials, permissions or access to the
    organization’s systems
security
security

Cyber- and data security audit form for distance work

Self-assessment of employees’ cyber and information security:
Fill in the form below or download PDF

Remote Workstation
Remote Workstation Your Answer Your Own Notes How to Reduce Your Risk
Can you lock the door to your remote working space?
Lock your workspace whenever possible. Discuss with your employer whether they would be interested in paying for an electric lock, for example.
Does your remote working space have a lockable locker or cupboard?
Lock your equipment and documents in a cupboard whenever you leave the premises (during lunch, at the end of the working day). Discuss with your employer whether they are interested in paying for a lockable cupboard in the room.
Are there other people (non-work colleagues) in your workspace when you are working?
Can you turn the screen to not be visible to others? Get a privacy film for the screen if this is not possible.
Do other people hear what you say during your working day?
Close the door. Use headphones. Lower your voice. If it is a confidential matter, go to a place where no one can hear the conversation or ask outsiders to leave.
Do other people have access to your workstation when you are not present?
Lock the device every time you get up from your workstation. Use a password long enough and unique enough. Keep your documents out of the reach of outsiders. "The empty desk principle."
Can your screen be seen through a window from the street?
Protect your data. Use curtains or reflective film on the window if necessary.
In Public Places
In Public Places Your Answer Your Own Notes How to Reduce Your Risk
Do you make business calls in the presence of other people?
Never use a loudspeaker. Your conversation partner's voice will not be heard if you use headphones. Go to a private space. This tip also applies to public transport and cafés.
Do you use a computer in a public place?
Get a privacy screen protector for your screen. If this is not possible, do not handle confidential information where others can see your screen.
Do you connect to public or free networks with your devices?
Avoid connecting to the public network. Share the network from your phone instead. If you absolutely have to use the public network, remember to use a VPN.
Working Methods
Working Methods Your Answer Your Own Notes How to Reduce Your Risk
Do all work devices have a password or pin code?
Install the passwords without delay.
Do you leave your work phone unattended to charge?
Ensure confidential messages are not visible on the screen during charging. Place your phone securely.
Do you lock your computer screen when you leave your desk?
Set your computer to auto-lock (e.g. 5 minutes). Remember to lock the screen when you leave the room.
When connecting your computer to a projector, do you ensure your password is not visible?
Unplug the projector when you enter a password.
Security Knowledge
Do You Know... Your Answer Your Own Notes How to Reduce Your Risk
Who to ask for advice if you're worried about cybersecurity issues?
Ask for guidance
What to do if you suspect a scam email or phone call?
Ask your employer about the company's data security policies.
What to do if your computer starts behaving strangely?
You have about 40 seconds to act, after which your entire company network may be down. In the case of a desktop computer, unplug the network and power cable as quickly as you can. In the case of a laptop, put it in airplane mode (find out right away where the function is on your own computer) and press the power button down for 15 seconds. DO NOT RESTART.

This document serves as a declaration by the employee, confirming the return of all company property, the deletion of any company-related information from personal devices and services, and the cessation of access to any company information upon the termination of employment.
Fill in the form or download PDF.

Employee Declaration at the End of Employment

To be completed upon the termination of employment.

I hereby confirm that I have returned all property belonging to (employer) that was in my possession. This includes both tangible and intangible assets.

Additionally, I declare that I no longer have access to any of the company's information, nor do I retain any company-related data in my possession, such as customer records, files, supplier lists, spreadsheets, contracts, or any other information, whether in electronic or physical form.

I have also checked:

  • all personal and other devices I have used (for example, my phone, including my photo gallery, computer, tablet, etc.), and
  • any services I have used, such as social media, communication tools, or cloud services,

and I have deleted any photographs, documents, or other confidential information belonging to (employer) from them.

Place and date:

Name of the employee:

_________________________________

 The Story of Cybersecurity Clinic #CyberAkuten 

The idea of “Cybersecurity Clinic – CyberAkuten” was born during a conversation with a micro-entrepreneur who expressed concerns about cybersecurity threats. He mentioned that these worries might prevent him from setting up a website he had planned.  

This led to the creation of a series of monthly events, held ten times in total. As the project area in Finland is in a Swedish speaking area and since there are Swedish project partners, we decided to have discussions by mixing Swedish and Finnish. Each event featured a short introduction on a chosen theme, followed by free discussions. Onsite discussions blended seamlessly with remote participants. 

The Cybersecurity Clinic was a perfect collaboration between two projects: ISSUES and DistanceLAB. Both projects target SMEs and aim to increase digital skills. The CyberAkuten discussions generated valuable material for both projects. DistanceLAB produced an easy-to-read guide for coffee tables or informal remote meetings, complete with ready-to-use templates for security discussions. Meanwhile, ISSUES created a booklet addressing most of the questions raised during the events. 

Enjoy the series of #CyberAkuten  
Reduce Stress & Boost your Cybersecurity Wellbeing 12.12.2024 (Eng) 

https://www.youtube.com/watch?v=fBmFUt1rb78 

 

Cyberhygien – Du har väl tvättat händerna? 14.11.2024 (Swe) 

https://www.youtube.com/watch?v=J2X3YbGFLJM&t=10s 

 

Hur uppstår en incident? 17.10.2024 (Swe) 

https://www.youtube.com/watch?v=R8R8a24E9II 

 

Riskhantering och du – Vad behöver man egentligen göra? 12.9.2024 (Swe) 

https://www.youtube.com/watch?v=o97h64ZQye4 

 

Så här skapar du ett bra lösenord – Näin teet hyvän salasanan. 16.5.2024 (Swe-Fin) 

https://www.youtube.com/watch?v=DeLv3X9y2pg&t=4s 

 

Multifaktorsautentisering – Monivaiheinen tunnistautuminen. 11.4.2024 (Swe-Fin) 

https://www.youtube.com/watch?v=OUODN6vmB80 

 

Skydd mot dataintrång – Suojautuminen tietomurroilta. 14.3.2024 (Swe-Fin) 

https://www.youtube.com/watch?v=4sTiq-Z9plk&t=1s 

 

Skydd mot nätbedrägerier – Suojautuminen nettihuijauksilta. 15.2.2024 (Swe-Fin) 

https://www.youtube.com/watch?v=MAAxF0tMp1A 

 

Netikett – Netiketti 11.1.2024  (Swe-Fin) 

https://www.youtube.com/watch?v=TH2sAwggI1Y&t=1s 

 

Informationspåverkan – Informaatiovaikuttaminen 14.12.2023  (Swe-Fin) 

https://www.youtube.com/watch?v=pzG8Xhb4WT4&t=1s  

 

#CyberAkuten Q & R report 2024 (In English) 

https://joom.ag/g67d 

 

Link to ISSUES-project (Funded by Interreg Aurora) 

https://www.cybernorth.se/ 

Cyber security checklists

Read here what you as an employer can do to improve cyber security.
You can also download the list as pdf here.

 

Checklist for a employer

Security Training

  • Provide regular security training with the focus on remote work-related security issues.
  • Ensure that the employees are aware of the latest threats.

Physical Security

  • Provide guidelines to employees for securing their home work environment.
  • Consider lockable cabinets for sensitive information if necessary.

Passwords

  • Encourage employees to use strong passwords and change them regularly.
  • Provide tools for password management if needed.

Email

  • Ensure employees have clear instructions for identifying suspicious emails.
  • Provide tools for verifying email authenticity if necessary.

Workspace

  • Encourage employees to keep their workspace tidy and protect confidential information. Provide secure storage options if needed.

Backup

  • Ensure that backups cover remote employees.
  • Provide company services for backup.

Remote Work

  • Provide the secure remote working tools and ensure that the employees are familiar with their proper use. Also regularly check the security of remote connections.

Mobile Devices

  • Provide company-approved mobile apps.
  • Ensure that the employees use mobile devices properly.

Malware Infection

  • Establish clear procedures for how to deal with malware infections.
  • Provide support services and stay in contact with security officers.

Culture of Continuous Improvement

  • Encourage open communication and reporting of security  observations.
  • Continuously assess and update company security practices to address the work environment and the changing threat landscape.
  • Customize these guidelines to fit the specific needs of your company.
  • Security is a responsibility for  all.

Read here how you can enhance cyber security when working at distance.
You can also download the list as pdf here.

 

Checklist for a remote worker

Security Training

  • Be an active participant in regular security training sessions. Understand security aspects related to remote work and stay informed about new threats.

Physical Security

  • Create a calm and secure work environment at home.
  • Secure sensitive documents in a lockable cabinet and keep your workspace private.

Passwords

  • Use strong passwords and change them regularly. Do not share your passwords with anyone, and keep them secure from other family members.

Email

  • Exercise caution with suspicious emails. Always verify the authenticity of a message, especially if personal information is requested.

Workspace

  • Lock your computer whenever you leave your workspace.
  • Keep your home environment tidy and protect confidential information.

Backup

  • Ensure that important files are stored securely, and regularly backup data.
  • Use company-provided cloud services if available.

Remote Work

  • Always use a strong password and enable multi-factor authentication for remote connections. Use secure remote work tools provided by the company.

Mobile Devices

  • Protect your phone with a passcode and ensure your device is always updated and secure. Avoid unnecessary apps and download only from official app stores.

Malware Infection

  • If you suspect a security issue, stay calm.
  • Disconnect and contact your security officer or supervisor.

Read here what you as a provider of digital services can do to improve cyber security.
You can also download the list as pdf here.

 

Checklist for the provider of digital services

Cybersecurity Strategy

  • Develop a comprehensive cybersecurity strategy that addresses potential threats and vulnerabilities in your digital services.

User Data Protection

  • Implement robust measures to protect user data, including encryption, secure storage, and access controls.

Compliance with Data Privacy Laws

  • Ensure strict compliance with data privacy regulations, such as GDPR, and regularly audit data handling practices.

Regular Security Audits

  • Conduct regular security audits to identify potential weaknesses in your digital services.
  • Stay informed about threats, and participate in cybersecurity communities.

Incident Response Plan

  • Establish an incident response plan to handle and mitigate cybersecurity incidents.

Employee Cybersecurity Training

  • Provide thorough training for employees on cybersecurity best practices to minimize the human factor in security incidents.

Third-Party Security Assessments

  • Conduct regular security assessments of third-party services and tools integrated into your digital services.

Continuous Monitoring

  • Implement continuous monitoring tools to detect and respond to security threats in real-time.

Secure Development Practices

  • Incorporate secure coding practices into the development process to prevent common vulnerabilities.
Remote workers can use scanning to identify vulnerabilities in their home network. Scanning can be used as part of cybersecurity measures to ensure that home networks are protected, and potential threats are detected and addressed promptly.
 
Nessus Essentials is one of the free cybersecurity tools available that can help enhance online security. It provides the ability to conduct security scans on a computer or network. Nessus Essentials offers reports on detected vulnerabilities and suggests actions to fix them. Tools such as these are an excellent way to identify and address security issues without requiring in-depth technical expertise.

By scanning devices and the network, potential vulnerabilities and security gaps can be identified. This helps prevent possible attacks and safeguards information. Through scanning, a remote worker can check which devices are connected to their home network. It´s important that all devices are known and secure. Using up-to-date software is crucial for maintaining security, and scanning can reveal if devices have outdated software. 

The frequency of using a scanner depends on various factors, including the specific security requirements of the individual or organization, the nature of the devices and networks involved, and the level of potential risks.

Do you want to continue developing your organization’s remote work routines?
We recommend these tools:

Digitalization Strategy

Remote Recruitment Start Kit

See all DistanceLab tools

Developed by

CENTRIA UNIVERSITY OF APPLIED SCIENCES
AI Engine Chatbot
AI Avatar
Hi! Can I help you find a service to assist you with a problem?