Your Blueprint for a Secure Work from Home Program
April 19 2021
The transition to remote work due to the coronavirus pandemic has been well established, and it’s looking like this change may become permanent for many. It has been thoroughly documented that the benefits of a remote work program are unparalleled: increased productivity, expanded talent pools, cost savings, and much more. While these advantages are apparent across industries, there are also inherent risks that come with a remote workforce, primarily in relation to data security.
Having your employees spread across the state, country, or perhaps the world presents a new set of concerns that may not have been previously on your radar, for example: Who has access to your network? Do you have policies in place for employees who use company-owned equipment? Should you regulate your employees’ home Wi-Fi? Fortunately, there are steps you can take to ensure your company’s sensitive information remains under your protection while your employees continue to work from home.
Here are some ways you can ensure your remote work program is as secure as if your employees were working on site:
1. Develop a Work from Home Eligibility Procedure
When creating your remote work security policies, take employee access into consideration when determining eligibility. There may be certain systems or information—and therefor certain positions—that need to remain inhouse.
Prior to distributing company-owned equipment and/or access to a remote network to any employee, develop a standard procedure for determining eligibility. Consider asking questions like:
- What information systems does the employee have access to when in the office?
- What will the employee need to access in order to do their job effectively from home?
Once an employee is deemed eligible, have them sign an agreement to follow all remote work policies and procedures. An extra tip: The agreement should include the address of their home office as well a directive to inform your systems administrator if company equipment ever leaves that home office.
2. Restrict Remote Access
Require all remote network access be performed on company-owned equipment and only during regular business hours. This will provide your systems administrator with access to all computers and give them the ability to terminate any unusual behavior and single-handedly prevent sensitive information from being accessed outside of your already trusted equipment. At the end of their workday, all employees should disconnect from the remote network to reduce unnecessary risk, unless otherwise directed.
Replication of any and all sensitive information should be prohibited, including but not limited to:
- Sharing secure data to an employee’s personal email address
- Copying to cloud storage
- Transference via external drive to a personal computer
3. Mandate Password-Protected Wi-Fi
Your employees should have freedom to choose their internet service provider, but you should require that their Wi-Fi be password protected using industry standard WPA2 encryption. Implement a password development procedure and instruct employees to create a one-of-a-kind password for their Wi-Fi.
The strongest passwords are a unique passphrase that has at least 12 characters containing upper case letters, lower case letters, numbers, symbols, and spaces.
For example, the password “Alltheleavesarebrown” could be cracked in less than an hour, while the passphrase “All the Leaves are Brown212?” would take an estimated 3 billion years to crack. If an employee struggles with creating a unique passphrase, encourage them to test their passwords to see how secure they really are. Once they’ve implemented a new password, request evidence of WPA2 encryption prior to providing access to your secure network.
4. Keep Printing to a Minimum
5. Stay in Touch
If an employee suspects any sort of malicious activity has occurred in their home office or on company-owned equipment, direct them to inform Management, IT, and Information Security immediately. A prompt investigation should be conducted. Information to complete an investigation may include:
- Any company-owned hardware
- Personal electronic devices connected to company-owned equipment (external drives, cell phones, printers, etc.)
- Wi-Fi configurations/settings
- Contact information for their internet service provider
- Any printed materials generated from company-owned equipment
Ensure all of your employees are up to date with the latest remote work security procedures by facilitating “Remote Work Security Refreshers.” This will keep the line of communication open and put data security top of mind within your workforce.
6. Physical Security
Data security is not exclusive to evading hackers and online threats; physical security measures should be taken just as they would in the office. Direct your employees to keep any and all company-owned equipment locked in a cabinet, desk, or room when not in use for extended periods. Furthermore, mandate that only authorized employees be allowed to use company-owned equipment; friends, family members, and acquaintances should be prohibited from using your company’s equipment for any reason.
Ready to get serious about security?
Setting clear expectations and guidelines for remote work security takes the guesswork out of what is and is not allowed and ensures sensitive and proprietary information will not fall into the wrong hands. Moreover, having employees you can trust is the first step to a secure and successful work-from-home strategy. InfoMart’s pre-employment background screening and continuous criminal monitoring make that simple.
About Tammy Cohen
Tammy Cohen, an industry pioneer and expert in identity and employment screening, founded InfoMart 30 years ago. Deemed the “Queen of Screen,” she’s been a force behind industry-leading innovations. She was most recently the first-to-market with a fully compliant sanctions search, as well as a suite of identity services that modernizes talent onboarding. Tammy revolutionized the screening industry when she stepped into the field, developing the first client-facing application and a due diligence criminal search that has since become standard for all background screening companies. Cohen has received national awards and honors for her business and civic involvement, including Atlanta Business Chronicle’s Top 25 Women-Owned Firms in Atlanta, Enterprising Women Magazine’s Enterprising Women of the Year award, the YWCA of Northwest Georgia’s Kathryn Woods Racial Justice Award, and a commendation in the 152nd Congressional Record.
About InfoMart
InfoMart has been revolutionizing the global background and identity screening industry for 30 years, providing businesses the information they need to make informed hiring decisions. They develop innovative technology that modernizes talent onboarding, including a first-to-market biometric identity authentication application and a verified sanctions search. The WBENC-certified company is a founding member of the Professional Background Screening Association, and they have achieved PBSA accreditation in recognition of their consistent business practices and commitment to compliance with the FCRA. The company is dedicated to customer service, speed, and accuracy, and it has been recognized for its success, workplace culture, and corporate citizenship with over 45 industry awards. To Get the Whole Story on InfoMart, please visit www.InfoMart-USA.com, follow @InfoMartUSA, or call (770) 984-2727.