Secure Thinking’s 10 Client Website InfoSec Rules are essential to protect your client and yourself when working on client sites.
1. Do not leave equipment unattended
Any electronics you are not using, such as laptops, phones, memory sticks, or disks, should be kept safe and secured.
2. Use encryption
To protect your data while on the move, you can encrypt USB sticks, external disk drives, and laptops. If you lose equipment or it is targeted, this will protect your data.
3. Operate a clear desk policy
Even if your client doesn’t have a clear desk policy, it is a good idea to follow one. Do not leave papers or media unattended on a desk. Either lock them away or take them with you.
4. Don’t carry sensitive information where it doesn’t belong
Unless it is directly related to your work, don’t keep sensitive information in briefcases, bags or laptop cases. If you must carry sensitive information, keep it in a secure bag.
5. Never transmit unencrypted emails or data over public or client Wi-Fi networks
The client may trust its own Wi-Fi network, but that does not make this rule any less important. Send sensitive information over such networks only when it is encrypted.
6. Do not connect directly to client networks
Never connect to the client’s networks unless it is absolutely necessary for your job. This is for your protection and theirs! You don’t know if their network is virus-free and secure, nor do they know if yours is.
7. Lock your screen
When you are not using your computer or laptop, lock it, and set a low timeout for the screen lock. This will prevent your system from being accessed if you get distracted.
8. Only work with the client’s data
Do not work on another client’s data while you are on-site with a client. You might be exposed to many legal and regulatory issues, and you don’t know who might be interested in that data.
9. Make sure your equipment is up-to-date
Letting updates lapse is a common mistake. Ensure that your anti-virus, anti-spyware, operating system, and any other software you use are up to date. You should also disable unnecessary services and applications, and enable your firewall.
10. Don’t use removable media
You shouldn’t transfer data between client systems and your system unless it is absolutely necessary. If you do need to use a USB stick or any other device, disable auto-run functionality. Also, make sure that the device has been virus scanned at both ends. If possible, use a new device and encrypt it where practical.