For many businesses here in Oregon, work from home has moved from temporary to semi-permanent, if not completely permanent. Though COVID-19 has wreaked havoc, our Willamette Valley business owners have seen silver linings like lower overhead, increased team productivity, flexibility, etc. However, the temporary measures implemented to adapt quickly to necessary WFH setups aren't strong enough to carry your business to a fully remote setup.

When your employees work from an office space, their devices are protected by a company-grade firewall and only subject to network activity related to work. At home, their devices are at the mercy of their home network's security and activity.

We put together some steps to craft robust WFH security policies. If you're considering going fully remote or already have, give us a call and we'll help you make sure your business is protected.

Steps to Create a WFH Cybersecurity Policy

1. Define what sources your employees should use when accessing company information.

Depending on how you store your information, you may want to set up a VPN (Virtual Private Network) for your employees or have your data accessible in the cloud. A VPN uses encryption to create a "tunnel" for any interactions between your employees and your secure corporate network, protecting the information from outsiders. Having all your information in the cloud allows your employees to safely access it wherever they are. Regardless of how your employees access your information, having it stored securely and backed up regularly is essential.

2. Don't assume everything is working; schedule periodic security tests.

One of the most overlooked steps to securing your network is testing it. Work regularly scheduled tests into your policy to identify any vulnerabilities and weaknesses. When you first transition to remote work, you will be blind to any weak spots, and you might not even know if you experience a data breach.

3. Your employees' actions are your biggest threat; invest in training them to identify and avoid threats.

Once you have done all the work to create protocols to keep your business secure, you need to make sure your employees understand how to follow them and the risks if they don't. It's vital to invest in employee training to ensure that everybody knows how to avoid hacking attacks and report security incidents. This training should be ongoing, with multiple reminders and refreshers throughout the year.

4. Implement user-based access permissions to limit the exposure of your data.

Access controls are a proactive layer of security for your network. Outline in your policy that access will be granted to specific users based on their responsibilities and authority levels. By monitoring and strategically restricting access, you can further reduce the risk of human error exposing your information.

5. Dictate which endpoints employees should be using for work.

If you aren't utilizing VPNs (or even if you are), you should outline which types of devices can access company information. If the device isn't owned or outfitted by the company, you won't be able to control its level of protection, putting you at the mercy of your employee's network and browsing habits. Although it can seem challenging to secure endpoints when employees are working remotely, it is possible. You can partner with a technology professional like us or leverage your internal IT team to place security and monitoring software on remote devices.