It is no secret to anyone that the pandemic has marked a before and after in terms of employee mobility, enabling us to work remotely from everywhere we wish to. Theoretically.
This has created new challenges for companies all over the globe, one being to to best grant access to the orgnizations’ resources to workers independently from their location while protecting sensible information and data.
The initial response of many companies was “connectivity first”. It was imperative that the needs of not only their customers but also the ones of their employees were met in order to stay afloat. This meant introducing live streaming, automated customer assistance, online education and much more.
In the rush many organisations oversaw the risks of this new work approach in terms of cybersecurity. These emerging security breaches created unique opportunities for malicious actors and serious headaches for IT and cybersecurity professionals within companies.
When working remotely we are able work from everywhere in the world. This can be from home but also, in a post pandemic future, from a coffee shop or in any other public space. At least theoretically.
This implies that your employees need to be able to access their corporate accounts while connected to WIFI networks with weaker security layers such as their home WIFI and/or even public WIFI. Nearby hackers can then spy through the joint network connection and get access to confidential information.
To avoid this, your employees should be instructed to only access unknown WIFI networks if they are using a Virtual Private Network (VPN) connection.
When your employees use their personal devices for work purposes, more breaches can appear. Corporate devices are taken care of by IT professionals that make sure that the regular software updates are installed making sure no cybercriminals can access them.
Personal devices may not have the appropriate software, being more exposed to virus threats, hacking, and more.
Other aspects such as employees leaving the company having stored confidential information on their devices to sell or share it later on, should also be considered.
Even though this might not be counted as a cybersecurity risk, physical threats are still part of cyber threats. This involves issues that arise from human errors, for example exposing the laptop screen in public places, talking loudly about sensitive information in a public space or even unwanted buttons being pressed by a toddler at home. Leaving your devices unattended at home is already critical. Doing this in a public place is even worse.
Our work environment has undergone fundamental changes. New opportunities but also threats have emerged and we have to look at new best practices in order to successfully tackle them.
In terms of cybersecurity, it is wise to start off by making an assessment of the security of your remote work.
Many organisations think that they first should rather focus on enabling remote work to then later look into assessing and improving their cybersecurity. However, this is not a question of either or: As a recent PWC study found out cybersecurity investments do pay off. Not only do they better protect their sensitive information by doing so but also transition faster to remote work.
All together, cybersecurity issues in this new setting are a matter of unsecured technology systems, overworked IT staff and confused employees who are new to working in a remote setting.
Many of these issues can be avoided through a remote working policy.
A remote working policy should include rules and establish fixed processes to ensure the safety of your company’s data. This framework is meant to act as a guideline for your employees and provide some structure.
It might help to start asking yourself how the shift to remote work changed your company's cybersecurity situation. Why are the cyber-protection practices that we already have in place? Which are outdated and which ones do we need to add?
Here are some aspects that you should take into consideration and include in your remote working policy:
To start off, a remote working policy should instruct employees to add a privacy screen on their laptop and other mobile devices and make sure that the used and connected devices and systems are fully equipped with antivirus, VPN and anti-malware software. A strong password policy is also essential.
Further instructions should include setting the devices to update automatically and hold back from accessing company applications and email on personal devices that are not updated.
Another best practice is including a Bring Your Own Device (BYOD) policy for employee use of personal devices on the company network. The installation of a mobile device management system on the corporate side of the device would be of great benefit, especially in the case of theft or if the employee leaves the company where any company data can be deleted remotely.
As part of the remote policy, IT leaders in the company should remind employees regularly that IT approval is needed if new services and softwares are being purchased. To facilitate the process, documents can be created with lists of what employees can download without approval.
A good remote working policy should also include contact information in case of a cyber emergency as well as training for employees, on how to set up their remote office and how to best protect themselves. This would include, for example how to shut down the entire system in the case of a sudden emergency.
When implementing cybersecurity policies in a remote setting, it is very important to consult your legal team before implementing any of these measures to avoid compliance issues, especially if your employees are spread all over the world. As an expert in the remote work environment, WorkMotion can help you to remain compliant throughout your remote-journey, supporting you in reaching your HR-goals and figuring out how to thrive in this environment. Sounds good? Contact us!