How to Stay in Compliance When Employees are Working From Home
Suddenly, more employees than ever are working from home. Many employers have transformed their companies into a remote workforce practically overnight.
While you want to keep your business operational and allow your employees to continue working remotely, you also want to ensure that you are still meeting regulatory compliance standards, protecting business, your employees, and your customers.
Here are a few tips to help you remain in compliance while working from home.
1. Evaluate Your Existing Systems and Policies
If you already gave employees the option to work from home or remotely, even on a part-time basis, you may already have the tools and policies in place that your employees need to work effectively from home.
Take a look at your existing systems and policies.
Do you use encryption to help protect information stored on employee devices?
Encrypting your data storage systems can make it easier to keep that vital data safe.
Do you have policies--and strategies for enforcing them--that determine how your employees handle security when working remotely?
As many as 90% of breaches occur due to human error. If you want to keep your business safe, it's critical that you fully train your employees in how to manage their security and prevent breaches.
If you don't have those policies in place--or if you do, but haven't evaluated them recently--now is the time to revisit those policies. Your workers need restrictions that include:
- Avoiding public networks when accessing secure data within your system
- Using effective password security on all devices
- Securing all machines against viruses
Do you have the right technology and equipment?
In order to make your security as effective as possible, make sure your employees have the right equipment.
In the scramble to shift to remote work, you may find your company unable to purchase that equipment fast enough, either due to budget restrictions or because you cannot find the tools you need when so many others are also making that critical switch. Prioritize getting equipment to employees who handle sensitive information for your company and gradually role out secure equipment for other employees as it's possible or needed.
If purchasing company-owned laptops for everyone isn't in the cards for your business, consider creating or revising your BYOD (Bring Your Own Device) policy to include the basic security and performance standards that devices and networks must meet.
Related: Check out our new guide, "Enabling Remote Workers
With Technology: How to Keep Business Operations Rolling Without Compromising Productivity or Security"
2. Check Your Access and Permissions
Like employees working in the office, employees who work from home don't need the ability to access information that does not pertain to their daily work responsibilities.
As employees move to remote work, you have the perfect reason to evaluate your access and permissions to ensure that employees don't have access to systems or data they don't need to view.
Consider managing access according to:
- The employee's position within the company. Your sales team may need to access very different information from your customer support team. All of them may need access to customer data, but they'll handle it--and make changes to it--very differently. Restrict employees based on the data they need in order to complete their daily job responsibilities. Often, this simple step can help make it easier to protect your data.
- Specific projects. Some employees need to collaborate on specific projects; others don't. If employees don't need to be able to see each other's projects over the course of a normal business day, then limiting access helps minimize risk. By protecting access according to the projects employees are working on, you can help keep all your data more secure if one employee suffers a breach.
Also, now is a great time to review who has administrator-level rights for software applications, and overall network access. Limiting the number of people who have admin rights significantly reduces your risk if a breach were to happen.
3. Set a Response
We hope it doesn't happen but it's likely that an employee working remotely will suffer some type of breach or attack at some point. There are many things you cannot control when it comes to your remote employees, including the security of their personal networks.
How will your company handle it?
You'll need a response plan that will:
- Ensure business continuity to the best of your ability
- Protect as much data as possible
- Allow you to restore operations in the event of a ransomware attack
- Help you share information with relevant individuals, including those within the company who need to know and customers who may be impacted by a breach
Your remote disaster response plan may look very different from a disaster response plan that assumes everyone will be in your office at the time of an attack or breach.
Make sure you update your disaster response plan accordingly.
4. Install Effective Encryption Technologies
Remote devices, remote networks, and remote users: all of these sources can cause potential security challenges for your business.
If you don't already have encryption technology in place that protects your data as it moves between the cloud and your remote systems, or that offers protection as your data moves between devices, you're leaving your data vulnerable.
Make sure you use effective, tested encryption technologies that will keep that data safe.
5. Use Multi-Factor Authentication Where Possible
With your users working from remote locations, many of them may struggle to keep their physical devices secure. If you aren't already using multi-factor authentication to help set up those devices, consider using it now so that your users have an additional layer of security in place when they log into their devices.
Multi-factor authentication (MFA), also sometimes referred to as two-factor authentication, is where you have to verify your identity in more than one way before you can access a system, software, etc. For example, you may have to enter a password and then click on a push notification sent to your phone.
This protects you against hacks where your login credentials are compromised. Even if the cyber criminal got ahold of your username and password, they still wouldn't be able to log in because they don't also have your phone.
Multi-factor authentication should be enabled whenever possible, regardless of where employees are working.
6. Train Your Employees
Employees need effective training that can help them combat potential threats.
Virtual training sessions can help your employees update security for your organization and in their homes. They may need training in how to secure their home networks and WiFi, as well as how to manage security when using your business's systems. Institute mandatory training for all employees--and provide in-depth assistance for those that need it.
There are awesome ongoing security awareness training programs available through companies like KnowBe4. This ongoing training keeps employees on their toes with phishing simulations, teaching them how to spot real phishing scams along the way.
7. Keep All Your Software and Hardware Updated
Software updates are critical to keeping your company as secure as possible. Make sure you update your apps and programs regularly--and that your users do the same for their devices. These software updates often plug security holes and help keep your business safer.
Preparing your business for remote work while retaining compliance can be challenging, especially when you need to make a massive transition in the middle of a disaster.
If you need more help ensuring that your business meets compliance regulations for remote work, contact us to learn how we can help.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.