How cyber-safe is your organization as more staff work remotely?
That is a question you need to be asking yourself regarding staff working remotely. Many organizations are encouraging employees not to come into the office to prevent the spread of coronavirus or other easily transmitted viruses like flu.
While this is a smart choice for public health to cut down on infections, how does it affect the cyber health of your organization?
Your organization’s cyber health is at-risk during this coronavirus outbreak. The cybercriminals are preying on fear of the virus with malware and phishing schemes. The new remote workers could be putting your organization the most in danger though.
Due to this coronavirus outbreak, you need to build, update, or execute policies for remote work to ensure business continuity. Systems that need to be reviewed regarding remote work is what I will focus on in this article.
Let’s get back to basics with Remote Work Policies and Remote Worker Cybersecurity. Both go hand and hand together.
Remote Work Policies.
A lot of companies have unspoken or informal policies regarding remote work. But unspoken rules can create confusion. For remote workers to be productive, they need to understand what the company’s or their manager’s expectations are for them. You do not want a disconnect to form between employees and their supervisors, which is unhelpful.
Nine items that should be in your remote work policy:
- Eligibility. It would be best if you determined what positions are eligible to work remotely and state them in your plan.
- Availablity. Outlined in the policy are availability expectations. For example, they need to work their regular schedule say from 9 a.m. to 5 p.m. or let employees set their schedules, either should be in the policy.
- Responsiveness. Define expectations whether or not a remote employee is to respond to a coworker immediately, and also specify what modes of communication are preferred.
- Productivity Measurements. The policy needs to specify how the employee’s productivity will be measured, such as time spent on the project, the number of cases resolved, the number of client interactions, etc.
- Equipment. When working remotely, the workers need the right tools to do their job, so organizations need to say what they are willing to offer to these employees. If they expect employees to provide their computers, for example, then they need to specify that. The same goes for internet service, that is a specific speed.
- Tech Support. Along with equipment, businesses need to specify if any tech support is offered to remote workers.
- Rightful Termination. While there is a rightful termination clause in personnel policies, it is important to state no employee will be terminated on the basis of working remotely.
- Client Confidentiality. State, where your employees cannot discuss clients and other sensitive information, must be included in the policy.
- Security. Businesses work on secure networks, but when data is taken out of the office, security is not assured. Remote workers need to know they must do regular updates and use a VPN.
Remote Worker and Cybersecurity
The concern about remote workers and cybersecurity is a substantial and valid one to have.
The three top cybersecurity concerns are:
- Unsafe WiFi Networks. The unsafe WiFi networks not only mean WiFi at the coffee shop but the worker’s home WiFi network. It may not be locked down with a password and not discoverable. Employees need to use a VPN when they access any unknown WiFi networks.
- Personal Devices for Work. Many smaller organizations allow employees to use their own devices. Employees may not be keeping their devices up-to-date with software upgrades, patches, and malware/virus protection.
- USB Flash Drives. Employees may be transferring data on a USB flash drive to carry with them. That carries a risk the flash drive could be lost or stolen.
The coronavirus outbreak forced organizations globally to review how prepared they are for pandemics. With more associates working remotely, firms need to plan and prepare for risks that may be involved.
Need assistance in understanding your organization’s cyber risk? Learn more about what we do at Mind The Gap Cyber and schedule a discovery call.