4.5 Working place at home - (Telecommuting)

Description

If professional tasks are performed at home instead of a company or institute, appropriate measures must be taken to achieve a degree of security comparable with that prevailing on office premises. A home environment does not normally provide the security infrastructure present on the premises of a company or institute. Visitors and family members often have access to a home workstation. This chapter describes the threats and safeguards pertaining typically to home workstations. Such a workstation can be used, for example, by regular employees for the purpose of telecommuting, as well as by freelancers and self-employed people.

Threat Scenario

The following typical threats are assumed as regards IT baseline protection of a working place at home:

Force Majeure:

• T 1.4 Fire
• T 1.5 Water

Organisational Shortcomings:

• T 2.1 Lack of, or insufficient, rules
• T 2.6 Unauthorised admission to rooms requiring protection
• T 2.14 Impairment of IT usage on account of adverse working conditions
• T 2.47 Insecure transport of files and data media
• T 2.48 Inadequate disposal of data media and documents at the home work place

Human Failure:

• T 3.6 Hazards posed by cleaning staff or outside staff

Deliberate Acts:

• T 5.1 MManipulation/destruction of IT equipment or accessories
• T 5.2 Manipulation of data or software
• T 5.3 Unauthorised entry into a building
• T 5.69 Higher risk of theft from a working place at home
• T 5.70 Manipulation by family members or visitors
• T 5.71 Loss of confidentiality of classified information

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.
The safeguard package for "Workstations at Home" is specified in the following.

Infrastructure:

• S 1.1 (2) Compliance with relevant DIN standards/VDE specifications
• S 1.7 (3) Hand-held fire extinguishers (optional)(optional)
• S 1.15 (1) Closed windows and doors
• S 1.19 (2) Protection against entering and breaking (optional)
• S 1.23 (1) Locked doors
• S 1.44 (2) Suitable configuration of a home workplace
• S 1.45 (1) Suitable storage of business-related documents and data media

Organisation:

• S 2.13 (1) Correct disposal of resources requiring protection
• S 2.16 (2) Supervising or escorting outside staff/visitors
• S 2.37 (2) Clean desk policy
• S 2.112 (2) Regulation of the transport of files and data media between home workstations and institutions
• S 2.136 (2) Observance of rules concerning workstations and working environments

Personnel:

• S 3.9 (3) Ergonomic workplace (optional)

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000