Remote Work Security
While the number of Canadian employees working fully or partially from home due to restrictions caused by the COVID-19 pandemic has declined from its peak in April 2020, remote work is here to stay. If your business has continued to operate remotely or in a hybrid environment, a remote work policy is a must. In this blog post, we outline some of the key security policy areas that need to be in place to protect access to company data.
What is remote work?
Remote working is the concept of working from home or another location on a full or part-time basis. Remote working is not a formal, universal employee benefit. Rather, it is an alternative method of meeting the needs of the company and employee.
What is a remote work policy?
A remote work policy is an agreement that outlines when and how employees can work from locations other than the office or on a flexible schedule. It may apply to temporary or permanent employees and includes best practices, security requirements, the legal rights of employees and sets clear expectations for remote work arrangements.
Many Nucleus clients decided to continue to operate in a hybrid or remote work environment following the easing of health restrictions mandated during the pandemic. In an effort to formalize this shift for our clients we assisted them with the creation of remote work policies with a focus on security, a necessity given the increased cyber attacks targeting remote workers.
"Cyberattacks targeting remote workers have risen 238% in volume since the beginning of the pandemic." -Alliance Virtual Offices
Unsecured Wi-Fi, unlocked computers, and data breaches are some of the potential negative impacts a remote work policy can help prevent. Here are the most fundamental considerations that should be outlined in a remote work policy from a security lens:
Use secure Wi-Fi and avoid public Wi-Fi. All remote workers should have a unique and strong Wi-Fi password (not the default one the router comes with) and avoid public Wi-Fi networks. Unsecured networks make it easier for cybercriminals to access emails and passwords.
Ensure devices are password-protected and the computer must have a screensaver set to display within five minutes of inactivity. This will prevent unauthorized users from accessing a device or sensitive company data.
Require employees to use strong and varied passwords or a password manager. Weak passwords pose a major security risk to your business.
Require that stolen or misplaced company laptops or tablets are reported immediately. Physical theft is one of the most common remote work problems.
Encryption: Laptop and computer hard drives that contain company data should be encrypted. And, encrypt data at rest and in transit.
Multi-Factor Authentication (MFA): Multi-Factor Authentication is a security process that requires more than one method to verify a user’s identity for a login or other transaction. MFA minimizes security risks by providing an additional layer of security and helps prevent a serious breach due to lost or stolen credentials.
Put in place security hardware and software essentials, like antivirus and firewall and keep this software up-to-date.
Offer remote workers cybersecurity awareness training: Email phishing remains one of the most common types of security threats and not all employees are able to recognize scams. Offering employees training adds another layer of protection to your cybersecurity defense.
In 2021, 17% of companies breached in 2021 was the result of a direct phishing attack. –IBM
Remote work security policies and tools will vary depending on the nature of your business. Only through consultation with a vCIO can we develop a framework that meets the compliance requirements of your industry or business needs.
Beyond security, there are numerous other areas that need to be considered:
- Compensation and work hours
- Eligibility
- Travel to and from the home office
- Professionalism/Effectiveness
- Equipment and tools
- Office supplies
- Insurance
- Workspace
- Worker’s Compensation
- Liability
- Remote work schedule
- Taxes
- Communication
Is your business still operating without a remote work policy? Let us help you understand the risks associated with remote work and how you can protect your business. Schedule a meeting with us today.