Teleworking has been around for years and many companies are well adjusted to the arrangement, but as the number of teleworkers has drastically increased during the COVID-19 pandemic, it is important to understand and mitigate the risks involved in employees working outside the office. Information security is a big one.
Information security is always a concern, and not surprisingly, as vulnerability increases, as does the number of online predators. The work from home dynamic creates a very opportunistic situation for hackers and phishers. Hackers are praying on the vulnerabilities created by the pandemic. Employers with remote workers need to be mindful of data security, as a company can lose control over its data and be subject to significant legal liability due to a single breach. However, with appropriate planning, technology, policies, and employee education and communication, risk can be minimized.
To mitigate information security risk, employers should consider memorializing the following instructions and requirements as part of, or in addition to, its telecommuting policy:
Make sure that all devices owned by the teleworker are data encrypted.
Require teleworkers to use a secure connection while remotely accessing company data.
Reiterate instructions around confidentiality.
Instruct teleworkers never to use their personal email address for work communications.
Prohibit teleworkers from working over public Wi-Fi.
Have workers save data on a central file database rather than locally on their laptop.
Train employees to identify suspicious email files and to bring these to management's attention.
Instruct teleworkers about hazards of using social media to discuss company matters.
Instruct teleworkers on use of company approved and secure video and conference lines.
Prohibit teleworkers from leaving company information and devices in public areas.
Instruct teleworkers to update passwords more frequently and avoid easily identifiable passwords.
At the start of any teleworker arrangement, itemize all company equipment issued to the teleworker and ensure that all such equipment is promptly returned upon the conclusion of the arrangement and/or the employee's separation from the company.
The best way to accomplish properly communicating the expectations to the employees is through a written policy and training. In the absence of a policy manual or an employee handbook, a teleworking agreement document can be put in place to ensure that expectations are clear.
If you have any questions or would like us to take a look at your policy, please contact me at firstname.lastname@example.org or 216-716-7850.