Information security at the mobile workplace

Security in the mobile workplace is increasingly important in today's digital working world. With the proliferation of smartphones, laptops and tablets, employees can work from anywhere, which promotes flexibility and productivity.

However, mobile devices also entail risks, including data breaches, network attacks and loss or theft of devices. The University of Kassel must therefore ensure that appropriate security measures are implemented to protect sensitive data and information.

This includes encryption technologies, secure authentication methods, regular security updates and training for employees to make them aware of potential risks. This introduction highlights the challenges and best practices for mobile workplace security and how they can respond effectively to protect their data and maintain the integrity of their work environments.

The following generally applies in the (mobile) workplace

Protection from prying eyes

  • Set up a screen saver, preferably with password protection.
  • If you work with confidential data, sit in such a way that unauthorized persons cannot look at your screen, especially outside your office. Special screen protectors can be placed on laptops and smartphones to prevent shoulder surfing.

Protection from external listeners

  • Do not have confidential conversations on your balcony, terrace or in public areas (e.g. café).
  • Only use trustworthy devices or software (e.g. SoftPhone) to make calls.

Protection against unauthorized access

  • Secure your IT devices with a password, PIN or fingerprint.
  • Lock your computer, even if you only leave your desk for a short time.
  • Protect your devices from theft:
    • Lock your office door when you leave the room and the people you share the office with are also not in the room.
    • Don't let your mobile IT devices such as laptops or cell phones out of your sight, especially when you are out and about. You can lock them in a cupboard at the office.

Install software sparingly and keep it up to date

  • If possible, only install software on your IT devices that you actually use for your work.
  • Install a virus scanner.
  • Keep the software on your IT devices up to date.

Beware of suspicious mails or links

  • Close any e-mails that seem suspicious to you. Do not click on strange links.
    Please also read our information on phishing.

Be careful with third-party USB sticks

  • If you are working in public networks, e.g. on the train or in a café, please log into the University of Kassel network via VPN to transfer data.
  • Only use the software provided by the ITS for VPN connections on service devices.

In summary, it can be said that compliance with these measures is an important step towards improved information security in mobile working. By taking proactive steps such as regular updates, secure password management and raising awareness of potential threats, you can help protect your mobile workplace and your data. Ultimately, it is our shared responsibility to follow these best practices to create a more robust and secure digital working environment.

Please read the BSI's tips on secure mobile working (only as german article).

Information and instructions on the use of private devices for mobile working

  • Use up-to-date antivirus protection, for example Windows Defender under Windows 10 or similar products.
  • Back up your personal data on an external hard disk.
  • You remain responsible for the risk of any loss of your personal data, such as vacation photos etc. - for example due to a crypto Trojan or hardware defect.
  • Only use software that is currently supported and updated by the manufacturer.
  • Windows 7 and Office 2010 have no longer been supported since January 2020. Therefore, the use of such a system should be avoided.
  • Use at least Windows 10 and Office 2016 or alternatives, such as Linux as the operating system or LibreOffice as an Office alternative.
  • Only use the Hessenbox with Only-Office.
  • Do not process documents locally on private computers.
  • Do not use the Hessenbox client on private computers. As it mirrors all files locally, the confidentiality of the documents cannot be guaranteed. There is also a risk of infecting your computer with viruses and spreading them.
  • Official documents may not be stored on private computers. Nor may such documents be downloaded.
  • Edit e-mails and appointments via the webmail interface and do not download any attachments to your private computer.
  • Instead of sending attachments, please provide your colleagues with the documents in the Hessenbox for processing.
  • Always use the webmail interface. Do not use any other e-mail client on your private computer, as this saves the mailbox locally.
  • Always act with caution and prudence.
  • Log in with private computers exclusively via the central VPN of the University of Kassel.
  • Please observe any regulations or service instructions for VPN use with private devices in your areas.