Teleworking Tip – Lock the Door!
Effective internal controls and security maintenance require reviewing administrator rights on each laptop or tablet to ensure that employees are limited in what they can change or download. IT staff should “lock the door” and limit the ability of employees to download applications or software. There should be a review process approved through the IT department and leadership to ensure that the application or software is operationally necessary and does not create security and data threats.
A third party application or any software product that does not manage security properly can result in the infection of malware or ransomware into laptops and networks and result in loss or compromise of department data and disruption of operations. Here are some tips:
As part of required Security Access Management policies, prohibit employees from downloading any software on Commonwealth-issued equipment without prior approval from IT and leadership, a security review and operational necessity risk assessment, and inclusion of the software or application on the IT and operational inventory for ongoing review and maintenance for updates and patches.
Remove or centralize administrator rights on equipment to prevent change to the equipment by the employee.
As part of the Access Management policies for any personally-owned equipment, require employees to identify all applications, virus, malware, WI-Fi and other configurations for IT staff to evaluate security risks and ongoing maintenance for updates and patches.