The ability to work from home is a prized employee perk that offers workers the chance to free themselves from the daily commute and complete their tasks from anywhere with an internet connection.
But along with that freedom and flexibility comes the risk of security issues that occur outside the protected corporate network. Even if your company provides VPN (virtual private network) access, your computer, and everything on it, could still be compromised if someone hacks into your home Wi-Fi network or the public hotspot you’re connected to.
Ensuring that sensitive documents and files remain confidential is definitely an issue I have seen with remote employees. The first step is of course making sure that there is a secure connection to the server. This is ultimately placed in the hands of the homeowner. One thing to keep in mind is that other connected devices in your home may have far fewer security controls than your work laptop, which may give cyber criminals easy access to your device. Home-based workers must be diligent about what types of systems are on their home network that might also provide additional attack vectors.
Best practices for remote workers
You can you protect sensitive corporate data when you’re working from home by following these recommendations:
Invest in antivirus software
This is the most basic, but by no means the only step you should take to secure your company’s files. Your employer may provide a recommended software for a company-issued device, but if you use your personal laptop for work, it’s important to keep your system protected.
Don’t allow family members to use your work devices
Treat your work-issued laptop, mobile device and sensitive data as if you were sitting in a physical office location. This will help you continuously associate your actions with a security-first and data-aware mentality in mind. For example, in a physical office location your child could not use your work-issued mobile device for games or movies. If you think of your laptop and mobile devices as work-only assets, it makes it far easier to control access to sensitive data and remain data-aware.
Keep your physical work-space secure
While virtual security is important, it’s equally important to make sure that your home office is physically secure.
Home offices often contain expensive equipment or even physical files or documents that contain sensitive information, so it’s imperative to explore security options. While it’s not possible for all home offices to have a scan-to-enter system or a security guard, it’s important to add whatever elements of traditional physical security you can such a home security system.
Follow company policies to the letter
Your company likely has clear policies for accessing the company network outside the office. Those guidelines and rules should always be followed, but it’s especially important when you’re working remotely.
Report any suspicious behavior immediately and follow basic ‘computer hygiene’ standards such as up-to-date operating systems, antivirus/malware and regular scanning.
Use a centralized, company-approved storage solution
Adhering to company policies also includes using only the designated programs that your employer wants you to use, even if you prefer a different program.
This is so the IT administrator doesn’t have various security configurations that may or may not comply with the company’s security requirements.
This becomes especially important when you’re dealing with file storage and backup. You should be storing all your work data in a secure location that’s both approved by and accessible to your company.
Ensuring that sensitive data is stored and protected centrally is always a good course of action. This allows central management and control of all aspects of the data, such as ownership, access, availability, security, etc., with a reduced chance of duplicate copies residing in places beyond the reach of the organization, such as on a personal laptop, mobile device or cloud environment.
A great way to accomplish this is by switching to an Office 365 subscription.
Not only does OneDrive for Business allow us to collaborate better with one another, but it also securely saves the files in the cloud. All employees can access files on different types of devices.
Best practices for employers
If your company employs part- or full-time remote employees, take the following precautions to limit security risks while employees are working from home.
- Require that employees use a non-stored password to connect during each session, especially for VPN access.
- Enforce reasonable session time-outs for sensitive programs or applications. A user should not have to reconnect after walking to the kitchen to pour a cup of coffee, but at the same time you cannot trust everyone to always log out for the day.
- Limit program/file access to only the areas absolutely needed by that employee.
- Reserve the right to terminate employee access at any moment.
- Provide services for remote file storage and other tasks; don’t rely on individuals to use their personal programs and accounts.
Users will always take the easiest method when it comes to technology, and you can’t always enforce what software people use when they are remote, so it is better to give them the best software in the first place.
Above all, employers should outline policies, procedures and guidelines for workers who use company resources outside the office.
This includes, but is not limited to access to corporate data, acceptable use of websites, approved applications, etc. The best thing an employee can do is ensure that they adhere to the guidance.
If you or anyone you know is need of a FREE home office assessment, please contact us. We would love to help ensure that your home office is safe and secure!