Many companies allow employees to work remotely. A study by Global Workplace Analytics shows employees working remotely at least one day per week has grown 173% between 2005 and 2018. Now with the Coronavirus (COVID-19), more companies are allowing their employees to work remotely to comply with quarantine and social distancing.
In response to COVID-19, companies quickly enabled large numbers of its employee base to work from home. Such a quick shift in the working environment can lead to an increase in data security and privacy risks. The 2019 NetDilligence cyber claims study show 96% of cybersecurity claims are made by small to medium companies with an average cost of a data breach at $178,000.
What was once a minor concern, now remote work is integral to keeping your company in operation and brings new concerns over cyber security. We have created a list of ways a company can encourage strong levels of security regardless of work location below:
Communication: Update your remote work policies to reflect your company’s expectations on security. Communicate and over communicate these expectations to employees. Consider updating your cybersecurity awareness training to include remote work situations, like using free wi-fi or sending company data to a personal email or computer.
Physical security: Lock doors to your home and store laptops out of sight when not in use. This prevents theft of the devices, and it also helps separate work life from home life at the end of the day.
If living with roommates or children, lock your computer when walking away. Remove temptation to view sensitive information, accidentally send an email to the entire company or infect your laptop with viruses playing games on non-secure websites.
Use separate work devices: By separating work and personal devices it removes the temptation to email data to a personal account. Company laptops are patched and updated on a consistent schedule. Many do not have the same rigor over our personal devices. Storing work data on a personal device introduces risks around data breach and monitoring if that personal device is ever lost or infected.
Access: Not everyone has internet at home. Companies need to ensure remote employees have a reliable and secure way to connect to the office network. This may mean issuing hotspots to employees without internet at home to keep them off public Wi-Fi networks, or educating employees how to use strong passwords on a home Wi-Fi connection. Computers should also have some way to encrypt data transmissions to the company network through a secure VPN or require the use of two-factor authentication on a company website.
These connections should also allow your IT department to push updates and patches to your machine, so security remains on the same schedule as if the employee were in the office.
Encryption: If data can be saved to a hard drive of a laptop, encrypting hard drives helps protect information on stolen or compromised computers. And, for some heavily regulated industries, like healthcare, encryption on a laptop is the difference between a data breach and an incident. In many states, breach disclosure laws do not come into effect if the data lost or stolen was encrypted.