Educause Security Discussion mailing list archives
Mitigating the Risk of Privacy Breaches in the Home Office
From: Bryce Cunningham <bcunningham () COLLEGES-FENWAY ORG>
Date: Mon, 16 Mar 2020 17:50:03 +0000
For obvious reasons, cybersecurity safeguards in the home office are increasing in importance as our schools rapidly adjust to a new business environment where working at home is no longer the exception. This is an additional concern for institutions that may not be able to provision endpoints for all staff. The more apparent mitigation is schools developing and publishing security baselines for employees who work on personally-owned computers (anti-malware, VPN, encryption, minimum O/S type and version, software updates, et al.). That’s sensible and necessary, but we must also consider the less obvious data loss vector of family, friends, contractors, etc., viewing PII on an employee’s computer in the home office. Regardless of how unlikely we think this would occur – or how likely an employee would report to us such an incident – it could still be a privacy breach depending on the jurisdiction of the institution and the residency and/or nationality of the person’s whose privacy was breached. I see three controls to mitigate this: Privacy screens, password-enabled screen saver with idle activation, and a policy for accessing digital PII off campus. Please comment if you can think of other controls to mitigate this specific risk… or have an opinion on the necessity of such controls. Bryce Cunningham, MS, CISM, CISSP Information Security Officer Colleges of the Fenway (ISO for Wentworth Institute of Technology and Mass College of Art and Design) Email: bcunningham () colleges-fenway org<mailto:bcunningham () colleges-fenway org> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Mitigating the Risk of Privacy Breaches in the Home Office Bryce Cunningham (Mar 16)
- Re: Mitigating the Risk of Privacy Breaches in the Home Office Laura Raderman (Mar 16)
- Re: Mitigating the Risk of Privacy Breaches in the Home Office Blake Brown (Mar 16)
- <Possible follow-ups>
- Re: Mitigating the Risk of Privacy Breaches in the Home Office Bryce Cunningham (Mar 17)
- Re: Mitigating the Risk of Privacy Breaches in the Home Office Laura Raderman (Mar 16)