Work from Home Tips to Keep the Company & Employees Safe
The current social scenario forced many organisations to regroup around working remotely. However, if this is a new practice for your company, it may create some risky gaps in knowledge, especially when it comes to work-from-home policies for employees.
As such, we'll go through some of the most important policies that companies and organisations everywhere should consider implementing during social distancing times. These policies are important because they help reduce the risk of data breaches or downtimes caused by cyber-attacks (such as ransomware, malware, viruses, and more).
Rules for when the Equipment is provided by the Company
Scenario: Employees work on laptops, desktops, or tablets provided by the company.
Policy: Keep the file/folder access and security settings just as they used to be in the office.
Rules to follow:
- If using a VPN to connect to the office, this needs to be used at all times during business hours to ensure all the data is secure between your home and office.
- After hours the VPN is to be disconnected.
- No personal internet usage when connected to the VPN. This is because internet traffic runs via your office network which could slow down the experience for everyone if someone is on YouTube or Netflix
- The computer should automatically lock if it is unattended for a few minutes. This reduces the risk of family members, pets, or friends accidentally accessing company files.
- In case a laptop or other company device is lost or stolen then this needs to be reported to the IT team right away.
Rules for when Employees use Personal Equipment
Scenario: The company doesn't provide employees with equipment, so employees must use their personal devices.
Policy: All personal devices used for work must have an up to date operating system, up to date work software, and the company-accepted antivirus software.
Rules to follow:
- If the organisation has a VPN setup, the rules mentioned above apply;
- If employees need passwords to access their office accounts (passwords are stored in browser on the devices used in the office), IT or management should reset them. Ideally, each user should be prompted to choose a new password on the first login from a new device. This ensures that only the user knows the new password.
- Passwords must be secure - at least 8 characters, including upper and lowercase and numbers.
- Online login credentials are to not be saved on browsers on personal computers.
- Company data is not to be saved on any personal devices. This includes using file sync and share applications like Google Drive backup & Sync or Microsoft OneDrive. All files are to be accessed in the web browser.
- If a file needs to be used by a local application on the computer, the file can be downloaded and uploaded separately.
- Employees are not allowed to use personal email or personal file sync/storage services for work.
- The correct level of security needs to be in place on home devices, e.g good antivirus software, firewalls, website filtering etc.
Best Tools for Companies with Remote Workers
While some companies only see remote working as a temporary solution to a very difficult situation, it is a growing trend. More and more people are tempted by the idea and companies start to see the appeal and benefits.
As such, if your organisation decides to give it a go, there are tools that can help with managing remote workers while offering a safe work environment.
The first such tool is G Suite. Designed for a more flexible workforce and remote workers in general, this tool has some amazing features.
Here are some of the most important ones:
- Chrome browser management: Manage the users' experience when signed into Google Chrome browser. Manage their Chrome extensions, bookmarks, password policies all centrally
- Disable Google Drive File Stream & Backup & Sync: This will prevent your organisation's data from staying on your employees' personal devices.
- G Suite Data Loss Prevention: Protect confidential organisation data in emails and Google Drive.
- Online meetings using Hangouts Meets: Ability to have up to 250 attendees and record your meetings
- Google Cloud Search: Faster way to find all your files, appointments, contacts & emails
Another tool that comes to mind is PassPortal. This one helps with password management for the entire organisation. Even more, it allows employees to login to all the cloud services without you having to provide them with credentials. So, the risk of breach is extremely low.
One way you can make sure your organisation is safe from cyberattacks is to make sure employees are up to date with the current Coronavirus Scams targeting work from home staff. It also helps to provide them with safe sources of information regarding the local and global situation of the pandemic, to avoid any unpleasant surprises.
Lastly, make sure your organisation is compliant with the IT security recommendations provided by the Australian government.
In a society as dynamic as ours, these rules will soon become the norm. So it's best to find ways to include them in your company's work culture (if you didn't already). If you need help, speak with your IT team or Managed Services Provider.