Remote Work Policies and Cybersecurity - what should you be doing?

March 10, 2020

Does your business need to implement a remote work or work from home policy quickly and effectively? Short term remote working may be a solution for managing the spread of Coronivirus.

What is a Remote Work Policy?

A remote work policy is an agreement that outlines when and how employees can work from locations other than the office. These policies can be temporary or permanent. Remote work policies describe who can work remotely, best practices to follow, and the legal rights of remote employees.

What should your policy include?

Your policy should go into detail about all aspects of remote work. This includes expectations of working hours, legal rights, and cybersecurity requirements.

Make it clear what your employees obligations are and set out how to keep data safe.

Consider some of the following:

  • What tools do they need to work securely? Over and above a laptop and wifi, how will they collaborate and join in - consider what technology is required.

  • What platform will they use for video conferencing so they can virtually attend meetings? Have you considered the privacy settings, have you advised attendees if meetings are recorded?

Cybersecurity concerns should be top-of-mind

While working from home, you are basically connected to the  internet via an open and maybe non-secured network – home Wi-Fi or any public Wi-Fi – so all services and files you are accessing become at high risk of attack.

Remote workers are also more at risk of hacking as they are likely to be using less secure computer settings. If they are remotely accessing sensitive business data  this causes additional cybersecurity risks.

Do your team members need a VPN or another form of security to work on important company files or private customer data.  A virtual private network  effectively encrypts data travelling between a user’s computer and the work network providing an extra layer of security. 

Cybersecurity threats are generally higher as you are not connected via the secured workplace networks, which have adequate security measures that you do not see such as web filtering, firewall and encryption of data. If you access sensitive data through unsafe networks, your connections could be intercepted, and the data compromised.

People accessing their work email from their phone will find it harder to spot phishing emails as they can’t have a good view of the email and the link or attachment in it.

If they are accessing services or files from a malware-infected machine, malware could easily access sensitive data and even spread in the corporate network.

What can workers do to stay safe when working from home?

  • Use a VPN as well as using multi-factor authentication to log in to work-related services which adds to the security of their existing password.
  • Regularly check for software and security updates on their devices to ensure they are always fully protected.

What can employers do to to make sure they’ve addressed cybersecurity?

Your team are both your weakest link  and your best defense when it comes to cybersecurity. Make sure you do the required training to keep everyone aware and on track of the cybersecurity measures and guidelines in place. If your team are already working from home, schedule remote training via Zoom or a similar platform.

Have you set out standards for using public Wi-Fi networks, and protocol for using co-working spaces to ensure data privacy?

We can help whether its advising on a diy solution or implementing it for you. Cybersecurity awareness training is our passion.

Get in touch

Data Influence blogs and stories are provided for information only, not legal advice. Always consult your lawyer on legal matters.

Find the value in Data Protection
The most valuable asset in your business is your people.
Next is your data.
Protecting your data makes good business sense.
Start Now