Teleworking

Remote workers have their own operating guidelines, which are monitored. In addition, regular training is provided to staff to identify threats to information security arising from the use of mobile devices and remote work, and to review the guidelines.

Organisation's data can only be processed on a predefined, trusted network, or by using a VPN service defined by the organisation.

For example, a coffee shop's Wi-Fi network is often either completely unencrypted or the password is easily accessible to everyone. In this case, the information sent online is vulnerable to spyware. A VPN connection encrypts information regardless of network settings.

Arranging suitable equipment and storage for teleworking if the use of personal equipment beyond the control of the organization is not permitted.

If personal devices are used organization should utilize separate profiles (e.g. using Apple® Configuration Profile or AndroidTM Work Profile) to separate work data and apps from personal data and apps.

Definition of the classification of permitted work, working hours and information to be used and definition of the internal systems and services to which the teleworker is granted access.

Removable media must be stored in a safe, other locker or other secure furniture. They must not be stored around the office without careful thought.

When working remotely, the employee must follow the following guidelines:

• remote work may only be performed in rooms where eavesdropping is not possible
• remote work must be agreed in advance (e.g. on a one-off basis or in an employment contract with flexible work arrangements) or remote work must be requested by the employer
• the employee must ensure the required security for remote work equipment (e.g. backup, malware protection, firewall, encryption, updates)