Remote working is increasingly common across a wide range of businesses and industry sectors. But, while it can greatly improve employee flexibility and productivity, there are potential pitfalls. One problem that organisations may encounter when employees work remotely are security risks that can affect both individual workers, and the organisation as a whole. However, while there are some potentially serious risks involved, there are also many ways that organisations can educate employees to reduce those risks, and safeguard sensitive information.
What are the Security Risks of Remote Working?
- An employee working remotely may use an internet connection that is less secure than their work connection; this can be a particular problem if employees do remote work in public places such as libraries, hotels, or cafés.
- Risks associated with lost or stolen equipment such as smartphones, tablets, or laptops that contain sensitive data.
- Employees who live in shared accommodation may be unable to work privately or keep sensitive data private.
- Employees aren’t directly supervised when working remotely; some may have poor work habits that increase security risks.
- Remote workers may feel isolated from their organisation, which may contribute to employee dissatisfaction. Feeling dissatisfied with their job or employer can increase the likelihood that an employee might themselves exploit sensitive data or commit some other kind of malicious action.
Tips for Improving Security for Remote Workers
1. Develop robust security policies for remote workers
The first and simplest thing any organisation can do to improve security for remote workers is to establish firm, enforceable policies for all employees who spend any time working remotely.
All employees should receive training to ensure they can avoid security pitfalls associated with email and the internet; this should be strongly reinforced for remote workers to ensure they can maintain good email and internet habits when working remotely.
There may be additional concerns for mobile workers—those remote workers who might sometimes work in public areas or when travelling. For instance, company policy might dictate that mobile workers do not leave IT equipment unattended in public, or that they do not work with confidential or sensitive material in public spaces.
Some organisations may also wish to bar remote employees from performing certain kinds of tasks remotely. For instance, they might stipulate that financial transactions, and processing of personal data or sensitive data, is only performed on-site.
Finally, any policies that the organisation develops should clearly outline what the worker’s responsibilities are in terms of maintaining security.
2. Establish protocols for device security
If remote workers use company-owned mobile devices or laptops, it’s important that the employer specifies how they should be used.
For instance, the employer might stipulate that company-owned devices are used for work-related purposes only, and that the employee only accesses their work email account, and only downloads work-related documents. Another stipulation might be that remote workers only access company files using company-owned devices.
Other important security protocols might include establishing rules for password-protecting devices, or for avoiding the use of unsecured or public Wi-Fi networks. Or, for workers who aren’t able to avoid using public Wi-Fi—for instance, mobile workers who must work in the hotel in which they’re staying—policy might stipulate they use a virtual public network (VPN) to encrypt internet traffic and protect any data they access over the internet.
3. Consider Document Security
It’s not only cybersecurity that employers must consider when employees work remotely. The security of physical documents is still of concern for many employers. In fact, in instances where remote workers do work with paper documents, security may actually be a bigger concern, simply because it’s more difficult to keep paper secure than it is digital data. Paper documents can be lost or destroyed—or copied—which makes it hard to keep secure whatever data they hold.
Going paperless is the obvious solution, but when this isn’t possible, the organisation can instead develop document security policies for employees who work remotely.
This should include policies for accessing and transporting paper documents, and for storage of documents outside of the workplace. For instance, policy might include ensuring that documents aren’t seen by anyone who isn’t an authorised employee, and keeping documents locked away when not in use.
Another option is to establish a register of employees who remove documents from the workplace, so that the organisation is kept apprised of when documents are removed, and by whom.
4. Provide Training for Remote Workers
Finally—and most importantly—all remote workers should complete training or education sessions to ensure they fully understand and adhere to all the organisation’s security-related policies. This should include a briefing on all of the relevant security policies, as well as training on how to spot and deal with common cyberthreats that employees might encounter via email or the internet.
Concerned about security? Contact ACUTEC today.