Working remotely can increase employee productivity, convenience and retention. And with the CDC’s social distancing recommendation to prevent and slow the spread of COVID-19, millions of Americans are finding themselves working from home. But how can you ensure security when employees aren’t onsite?
This post provides tips to create a company security policy that prevents your business' critical information from being compromised.
Why You Need a Company Security Policy
Remote work introduces greater risks of data being exposed or falling into the wrong hands. When working from home, employees’ personal Wi-Fi networks may not be as secure or have the same enterprise-level security features they’re used to at the office. And when on the go, employees may choose to work from locations like hotels or coffee shops. Although this change of locale can fuel creativity and empower productivity, it may warrant employees to use unfamiliar or unsecure networks.
Unsecured networks do not require authentication to access them. This means that anyone can use the connection and potentially gain access to employee devices and, in turn, company information.
A security policy provides employees with set guidelines, helping them be smart and safe when accessing company data remotely.
How to Create an Effective Policy
Establish a security policy with specific guidelines tailored to your company’s unique security needs. To maintain the health of your company’s information and systems when employees are offsite, consider the following:
- Assess antivirus and malware software. Work with your IT team to evaluate if software protection still aligns with your company’s security needs and notify employees of any updates.
- Have employees access data via a virtual private network (VPN). This allows them to obtain critical data via a secure, encrypted connection that effectively joins a user’s computer to the company network as if they were physically present.
- Conduct an annual checkup or cyber threat assessment to determine if any malicious activity has been detected on your network. If suspicious activity is found, work with your IT team to determine the next best steps.
- Create a clear chain of command in the event employee devices are lost or stolen. Inform employees of who to contact and educate on best practices, such as changing passwords or wiping the device, if devices fall into the wrong hands.
- Ensure proper configuration management. Double check that equipment used by employees remotely can support software updates and prohibits the installation of unauthorized applications.
- Limit access to company information. Not every employee needs access to all company information. Vet who needs access to specific documents and data to avoid hackers gaining entry to all information at once.
- Require employees to use multi-factor authentication and unique, hard-to-guess passwords. Employees should always lock devices and company-based applications that host or can gain access to company data, and should never leave them unattended.
If employees work from home regularly, your policy should include helpful tips for securing home networks. For example:
- Secure the home’s Internet router. One of the most important devices in home security is the router, as it connects all of a home’s IoT devices. Employees should change the default service set identifier (SSID) and password to start.
- Update IoT devices regularly. Everything from a home’s router and laptops to the smart assistants and doorbells can be hacked. Firmware updates are released often and employees should check all devices regularly for updates.
- Limit network access. Employees shouldn’t feel obligated to share Wi-Fi passwords with maintenance workers, landscapers or anyone outside of family members. A guest network should be set up for visitors to the home.
- Recommend investing in reliable antivirus, anti-spyware and firewall software. This will add an additional layer of protection to employees’ home networks.
Educate employees on the importance of following company security policies and regulations. Stress to them the risk factors associated with accessing data and files from unsecure connections. If security policies are not enforced, sensitive information or network access could fall into the wrong hands.
Ready to equip your remote employees with the policy they need to protect important company data? Contact one of our trusted security experts today to get started.