8个在家办公时数据安全的提议 8 Tips On Data Safety While Working From Home

来源:广东良马律师事务所

文章摘要
在家办公正在形成一种新的工作模式。企业和员工都有责任维护好公司数据的安全,在这特殊时期有必要继续采取适当的安全措施。以下是员工和企业在远程工作时怎样保护数据安全的一些要点。

在家办公正在形成一种新的工作模式。企业和员工都有责任维护好公司数据的安全,在这特殊时期有必要继续采取适当的安全措施。以下是员工和企业在远程工作时怎样保护数据安全的一些要点。
Working from home is forming a new mode of working life. Maintaining the security of company data is the responsibility of both the employer and employee and continuing to maintain appropriate security measures is critical at this time. Below are some key points for employees and businesses to keep data secure when working remotely.
1.安全的服务器
Secure Servers
远程工作时应该使用安全的服务器,只允许有权限的人进行访问、修改、披露或删除数据。特别是应使用文档管理系统,以便将接收到的和/或编辑过的文档保存到公司的安全系统中。
Concurrent with the introduction of the New Act, Malaysia acceded to the Madrid Protocol. Applicants in Malaysia can thus now file international applications, and Applicants outside Malaysia can now designate Malaysia in an international application. Save for Myanmar, all of the ASEAN countries are now members of the Madrid Protocol.
建议:除非公司采取的安全措施到位,否则文件不应保存在员工本地的服务器或硬盘上。
Advice: Documents should not be saved locally in the custody of employee unless company approved security measures are in place.
2.设备
Devices
在有条件的情况下,公司提供的信息技术设备应在家中使用,以保护好公司的数据安全。使用个人笔记本电脑和平板电脑会对公司数据安全带来更大的风险,尤其是在与家庭成员或者其他人共用这些设备的情况下。
Where possible, company provided IT equipment should be used from home in order to protect and secure company data. The use of personal laptops and tablets creates greater risk as to the security of company's data, particularly if other family members or others use those devices.
建议:员工应特别注意正确地登录和退出安全服务器,并确保其他用户在使用个人设备时无法访问公司数据。
Advice: Employees should take particular care that they sign in and out of secure servers correctly and ensure that other users are unable to access company data when using personal devices.
3.电脑摆放的位置
Screen Positioning
若你的设备放在一个显眼的地方,邻居、路人、家人或其他人都能看到屏幕的话,屏幕中显示的数据会有泄露风险。员工应该明确自己应该在哪里工作,并确保只有自己能够看到屏幕,注意避免他人通过窗户或在家居公共的工作区域看到自己的屏幕。
Leaving your device in plain view, where neighbors, passers-by, family members or others can see it, risks the security of the data on your screen. Employees should be aware of where they are working and ensure that they can only see their screen, including avoiding clear sight through windows, or communal areas of their homes where others may also be working.
建议:公司应鼓励员工使用屏幕防窥设备。
Advice: Employees should be encouraged to purchase privacy filters for their screens.
4.个人的邮箱帐户
Personal Email Accounts
当安全服务器、打印机或公司邮箱不能正常工作时,员工可能会将电子邮件和文档转发到他们的个人邮箱,以便访问文档和数据。
When secure servers, printers or company mailboxes are not operating properly, employees might be tempted to forward emails and documents to their personal mailbox so they can access documents and data.
建议:勿用个人的邮箱帐户来浏览或审阅文件和电子邮件。
Advice: Personal email accounts should not be used to view and review documents and emails.
5.打印
Printing
在家办公时打印文件,可能会导致机密信息或个人数据无意中泄露给无关人员,或外部人员有可能在常规垃圾文件中获取到机密信息或个人数据。
Printing documents when working from home can risk confidential information or personal data becoming inadvertently disclosed to parties who should not see it or simply picked up by outside parties through the documents being disposed of in the regular waste.
建议:为了维护数据的安全性,关键是员工应只在必要时打印文件。如果需要打印,应特别注意保护文件的数据安全,直至正确处置好文件为止。
Advice: In order to maintain the security of data, it is important that employees only print documents when essential to do so. If printing, particular care should be taken to keep documents safe and secure until disposed of correctly.
6.文件的处理
Disposing of documents
很多公司明确规定了针对包含机密信息的文件的程序处理,可能是碎纸机,或是机密箱。可是在家办公时,许多员工难以有同等能力以同样的方式来处理他们的文件,他们也不会装有带锁的柜子。可考虑由公司的信息技术部门来决定是否有权安装打印机,也可考虑安装软件来统计用户打印公司文档的数量,但这其中需要一并考虑员工的监控问题。
Many offices will have clear procedures around disposing of documents that contain confidential information, whether that be a shredder or confidential bins. While working from home, many employees will not have the same ability to deal with their documents in the same way, nor will they have access to locked cabinets. Consider whether the ability to install printers should be controlled by the company's IT department. Consider also deploying software to track the volume of printing of company documents by a user, there will however be employee monitoring issues to be considered here.
建议:员工应特别注意正确处理任何包含机密信息或个人数据的文件。如果没有碎纸机可用,文件应妥善保存,直至到文件被正确处置。
Advice: Employee should take particular care that any confidential information, or documents containing personal data, are disposed of correctly. If no shredder available, documents should be held securely until correct disposal is allowed.
7.发信息
Texting
员工应该注意避免给同事发信息时讨论涉及个人数据的机密工作,因为在办公室时通常是当面讨论的。员工的移动设备不可能像公司的电子邮箱或内部聊天室那样安全,因此应该尽可能使用公司的电子邮箱或内部聊天室。而公司应该有一套方案来控制员工使用未经公司信息技术部门批准的个人短信和视频会议。
Employees should be careful to avoid texting colleagues to discuss work of a confidential nature involving personal data that they would usually discuss in person. Employee's mobile devices are unlikely to be as secure as company email or secure internal chat rooms, which should be used instead. Companies should consider controlling employees use of personal messaging and video conferencing solutions that have not been approved by the company's IT department.
建议:公司应该列出哪些应用程序可以用来发信息或开视频会议。
Advice: Company should name which APPs are allowed for texting or video conference.
8.培训
Training
最后一点,鼓励员工利用这段时间回顾如何保护个人信息、安全义务和相关的公司政策。如果有必要,应鼓励他们参加在线的隐私及安全培训。
As a final point, encourage employees to use this period to remind themselves of need to protect personal information, security obligations and relevant company policies. If necessary, they should be encouraged to take online privacy and security training.
建议:员工应该接受在线培训,以促进和维护数据合规,特别是在长期在家工作的员工。
Advice: Employees should take online training refreshers in order to promote and maintain data protection compliance particularly when working from home for extended periods.

技术驱动法律,专业成就未来