Incorporating data security in your work from home policy
Work from home policies have soared in popularity among both employees and employers for a variety of reasons. Your task as an organization is finding a way to provide that benefit to your employees without compromising your data security.
What’s the problem with working from home?
There are many benefits to working from home – including some big ones like employee morale and productivity. In addition, employees generally appreciate the improved work/life balance and employers like that it removes distractions and conserves office resources.
Unfortunately, working from home can pose some serious security risks that must be considered in your organization’s work from home policy. In a modern workforce, the Internet of Things (IoT) is growing in popularity. These internet-enabled devices that collect and act upon data create a massive liability when it comes to data security. While smartphones, tablets, laptops, wireless headphones and smart speakers can make jobs easier, they also amplify the network attack surface. More devices mean more security risks.
Remote access also raises the issue of unsecured networks. If employees are using unsecured networks to access corporate data, they put that information at risk. Additionally, when employees work from home, organizations have no control over the physical security of the devices. In a less formal setting – like at home vs. in the office – people are more likely to observe a lower level of security precautions. They may leave their computers unattended, or leave desk drawers unlocked. These simple behaviors create a security risk – even if your employees don’t realize it.
Data security measures and considerations for your work from home policy
- Configure Devices: If you provide hardware to your employees, it’s probably already set up on the security front. But if your employees are using any of their personal devices to access work information, consider establishing security standards and requiring IT to configure all personal devices to your security expectations as part of your work from home policy.
- Set up a VPN: This is a key step to a successful work from home policy. A Virtual Private Network lets your employees access your secure network remotely – and keeps hackers out thanks to authentication requirements. Make sure to configure access permissions and encrypt data. It’s probably also a good idea to require the use of a VPN while accessing sensitive data rather than allowing offline access.
- Approve applications: Make a list of approved applications your employees are allowed to use for collaboration and saving data. Communicate that list to them as part of your work from home policy.
- Set up physical security policies: Some examples of protecting devices are requiring a password, instituting two-factor authentication, and requiring an auto-lock feature.
- Educate employees: Explain both your work from home data security policy as well as the reasoning and considerations behind it. If employees understand the risk, they are more likely to comply with best security practices. Reiterate that working from home is a privilege – but it can’t be offered at the expense of information security.
- Implement employee monitoring software: Even the most security-educated employees can inadvertently put data at risk. Insider threats are the number one cause of cyber attacks in business. Employee monitoring software as a part of your work from home policy will catalog activity, prevent and detect threats, and help you respond to risks as quickly and efficiently as possible. Tracking user activity via remote access allows you to offer the benefits of working from home with the knowledge that your security risks are constantly being managed.
Offering remote work benefits can help attract and retain employees. Keep that perk working for everyone by building data security into your work from home policy.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.