More companies are offering the option of working from home — or even requiring it, to manage their workforce healthy in the face of COVID-19.
Managers and leaders in all kinds of companies are seeing the advantages of allowing remote work or testing it out for their company. However, they are also considering the challenges and dangers that come with letting their employees work from home.
Let's itemize the risks of remote working here. What you can do to secure that you and your employees are doing your due diligence.
Risks of Working Remotely
Failure to ensure the physical security of a home office, coffee shop, or public workspace.
Unable to regulate or guarantee the security of the network that employees are using. Other users (family, friends, guests, or strangers) will often have access to both a public or home network.
Lack of training or knowledge of best practices when it comes to information security. This can be an issue for both workers at the office and home.
Remote workers not recognizing their role and responsibilities when it comes to working remotely securely.
How to Alleviate The Risks of Remote Workers
1. Establish a Work From Home Policy
Having a specified “Remote,” “Work From Home” or “Teleworking” policy is a must if your company plans on allowing staff to work from other locations that are not your office. This can help lessen the inherent risks of working remotely by setting procedures like information security policies that your employees must follow to work from home. This is to outline all your employees’ responsibilities when it comes to your InfoSec program.
Examples of procedures that need to be included in your remote working policy:
Method for approving remote workers
Defined responsibilities for employees
Describe what each user must do to secure their remote workspace
Outline workstation or device hardening steps
Ensure encryption is used for all data that is stored and in transit
Mandate use of a VPN for remote workers
Outline the procedure for reporting any incidents that may arise
2. Ensure You Have the Right Tools
Providing them with the right tools will also lessen the dangers of working remotely. The following are examples of some tools that we have seen referenced in Remote Working policies:
VPN - this will guarantee that network traffic is encrypted, even on a public network like a coffee shop.
Built-in Encryption - this tool ensures that if your hard drive or device was lost or stolen, it will be difficult for the data to be pulled off the device.
Password Manager - this tool will help the user store their passwords and generate secure ones.
Built-in Firewalls - this is great to prevent inbound or outbound requests that could be malicious.
3. Training and Best Practices
Educating and training your employees on best practices will help to explain and outline why they need to follow the policy and use the tools. You want your employees to care about cybersecurity.
Many companies provide Security Awareness Training. But this training is normally done only once a year and can instantly become outdated.
Having monthly or quarterly training sessions will help to keep your employees informed, educated on threats, and their responsibilities when it comes to your company’s information security program and working remotely.