From the computer security perspective, teleworking adds to the portfolio of security risks, as the remote staff member works in an uncontrolled/uncontrollable, unmonitored and very often less secure environment. As the word “teleworking” implies, it combines “tele” and “working”. Some crafty minds interpret “tele” as the common abbreviation of “television”, ignoring the Latin roots. Thus, for them, “teleworking” means arranging their professional activities with watching TV in parallel. Or, today, watching Netflix(1). And that might not be far-fetched!
Like any other academic institution, university or company with a rather relaxed “bring your own device” policy, CERN is regularly subject to allegations of copyright violations. People on site bring in their home laptops that are still running file-sharing applications, which then try to disseminate, share and exchange movies, videos or music with peers. While it is a matter for discussion (and agreement) between you and your supervisor whether listening to music while working is OK(2) (or not), and while we assume in that case that you legally own that music, the sharing of music and other copyrighted material is forbidden by many national laws and by CERN’s Computing Rules aka Operational Circular No. 5. CERN takes any kind of reported or detected copyright violation very seriously. Any allegation is usually followed up by the CERN Computer Security Team, and potentially – depending on the gravity of the allegation – by CERN’s legal service and the HR department. If the infraction is confirmed, potential infraction costs are usually passed on to the person owning the device or to their home institute.
In this respect, at least, teleworking has a benefit for CERN. The number of notifications of alleged copyright violations we received in 2020 was much lower than in previous years – thanks to fewer people on site, thanks to fewer devices on the CERN network, and thanks to teleworking (and thus a shift of such allegations away from CERN). A small plus for computer security.
Still, watch out when working from home! The overall risk, even when reduced in this particular aspect, remains high! Make sure that your home computer used for teleworking is properly secured, always kept up to date and running decent antivirus software. Watch out for suspicious e-mails, attachments or links: STOP – THINK – DON’T CLICK! One malicious webpage is enough to put your digital life and CERN’s computer security at risk. As your computer is most likely also used for personal matters, watching out also applies to your leisure time. Train your family members if they use the same computer for fun (like your kids playing online games – they might just make a “wrong” click). Ideally, use different computers for work and pleasure. In any case, be vigilant and alert. The evil side is trying to take advantage of these exceptional times. We prefer you and your computer to stay safe and sound!
(1) Please don’t. It is a privilege to work remotely – not all of us are lucky enough to have a profession that allows for teleworking. This privilege is built on trust: the trust put in you by the Organization, the trust that you will perform as well as you would when on the CERN site.
(2) We are keenly interested in any valid use case for watching videos while working.
______
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.