The world changed in 2020. The coronavirus pandemic touched everyone’s day-to-day lives. It also changed the work landscape, maybe permanently.

During shelter-in-place orders, thousands of companies transitioned to remote work. Morning meetings in the conference room now take place via video conferencing solutions. Water cooler conversations went digital.

It’s impossible to predict the future of office work. When restrictions are lifted and the workforce is invited back to the office, a lot of people might stay home.

Twitter made headlines when they announced that all employees could work from home forever. They later extended that offer to Square employees, too. Big companies like Facebook, Amazon, and Capital One have also extended remote work arrangements and are likely to offer flexible work options in the future.

Whether you’re committing to remote work or just using it to get through the pandemic, you face the same challenge: data security. The built-in protections you have at the office won’t work if your team is using public wifi and lax security practices.

If any of your employees are working remotely, you should have a standard work from home policy to follow. Include details like what positions can work from home, under what conditions remote work is available, and the security measures remote workers must take.

Creating your work from home policy is easy.

Use our free template to create your own remote work policy.

Here’s what you should include in the section about security practices:

Subscribe to the Hubstaff blog

5 Security Tips for Working from Home

When your team first goes remote, security feels like a big challenge. In reality, all you need is basic awareness and a common-sense approach.

Start with these five straightforward security tips:

  • Equip your team with the right tools
  • Use secure corporate software
  • Provide VPN access
  • Coach your team about cyber security
  • Create training and policy documents

1: Equip your team with the right tools

If you supply your team with equipment in the office, you or your IT department have already taken security into account. Your employees probably didn’t think about security when they bought their home computers, though.

Send your employees home with company hardware if possible. That’s not always practical, of course, so your team might have to use their own equipment.

Before you ask your team to access sensitive data from their living rooms, ask them if their equipment meets all of these requirements.

They have the right tools for the job

Different positions have different requirements. Your designer might need a computer with a powerful processor, while your social media manager needs fast and reliable internet access.

Most of your team probably doesn’t need a top dollar PC, but a ten-year-old laptop that’s been sitting in a closet for the last few years may not cut it.

Make sure that everyone is fully equipped with the other supplies they need, too. Tools like monitors and specialized hardware can be expensive. If your team doesn’t have the right tools to do the job, they may try to find workarounds that undermine your security protocols.

All software is up to date

Every work computer should have the most up-to-date software available.

Software updates often contain security patches. Those security patches are not always disclosed in detail because the developer doesn’t want to tip off hackers that their software has a specific weakness.

All the software installed on a computer — from the operating system to the apps and games — needs to be updated regularly.

You should even update programs that you don’t use often. If you don’t think you’ll use it again, it’s better to delete it than to ignore it.

Wifi is encrypted

Insist that your staff secure their home network.

If your wifi router is encrypted, it requires a password to access. Always password protect home wifi.

WiFi router

Using the password that comes with the router isn’t enough. The default network name is also problematic, as it can tell hackers what kind of router you’re using. They can easily find the related passwords online.

Instruct your team to go into their router settings and change their network name and password before logging in for work.

Ideally, your workers should employ a high level of encryption such as WPA2 or WPA3. This is especially important if a remote team member needs to access private customer information or other sensitive data. Upgrade their encryption level by providing a new wifi router.

Set basic security rules

Remote security covers more than equipment. Security is more about behavior than hardware and software.

People feel safe at home. That makes it easy to forget protocols like locking your computer when you walk away.

Even when the only people around are trusted family members, it’s still wise to stay in the habit of locking the computer whenever you walk away. It should be an automatic action so you don’t forget.

At home, a locked computer can prevent embarrassing situations if a pet pushes buttons or a kid wants to play.

Speaking of embarrassing situations, have you ever shared your screen, only to have a Slack notification pop up with a snippet of personal conversation?

Now, your team connects via video chats and screen shares. Remind them to turn off their Slack, email, text, and other notifications before calls, especially if they deal with sensitive information in the course of their duties. Imagine a manager presenting to her team and receiving a message from HR about an employee being disciplined. That would not be nice.

Remind your employees to be mindful of physical security, too. While working in a public place, don’t go to the bathroom and leave a laptop on the table. Keep track of printed documents and shred anything sensitive instead of throwing them away.

Basically, ask your team to use common sense. It goes a long way.

2: Use secure corporate software

Right now, you might be hesitant to spend money on business tools, especially if you expect remote work to be a temporary solution. Some companies might be tempted to cut corners to save money.

For example, some companies opt for free alternatives to enterprise cloud phone systems. The cost for free software might be higher than you think.

When droves of corporate users flocked to free video conferencing software, so did hackers and trolls. Zoombombing made headlines and exposed some security risks that many users had never considered.

Choose the right software for your team, even if you only expect to use it for a few months. Hackers and scammers are just as active as ever. Security is even more important when your company is in a vulnerable position.

Use secure software

Use the right tool for the job. Corporate software is designed for commercial environments where sensitive and private data is shared. It’s built with security in mind.

Take advantage of free trials before you purchase to make sure it’s the right fit.

During your free trial, make sure your team really dives in and checks out the features. This is your chance to see if this software can handle everything you throw at it.

If you find your team cutting corners or working around cumbersome features, then it’s not the right software choice. Any built-in security features are irrelevant if your employees don’t use the program as intended.

Whatever software you choose, make sure your team knows how to use it correctly. Ask for training from your sales rep.

Update your team’s antivirus software

While you’re evaluating software needs, check on your employees’ antivirus software.

If you can, share the solutions you use at the office for your workers to use at home. Check your license agreement with providers to ensure you’re able to do this.

If your antivirus doesn’t allow you to protect employee personal devices, it’s time to upgrade. Try contacting your provider to see if they’ll give you an upgrade or a new plan. They might give you a deal while you’re working remotely.

Most of the people on your team probably already have antivirus installed, even if it’s a free version. You might consider paying for an upgrade to their existing antivirus if you’re asking them to work on their personal computer.

Choose the right cloud storage solution

Cloud storage is better than having confidential documents on home computers. Your team should only use secure, verified apps to store and manage important documents.

When working from home, your team needs to be able to find documents on their own without asking you to forward an email or send a link. You should be able to check for updates without scheduling a meeting.

Practical, secure file management gives your remote team more independence.

Cloud storage is only secure when it’s used correctly. Make sure you use the settings correctly so that only the right people have access. Some files should be password protected, such as budget sheets with team salary information.

Free cloud storage solutions like Google Drive can work well when combined with good security habits. Larger teams or companies dealing with more sensitive data might want to choose a paid solution like Dropbox or Box.

3: Provide VPN access

Working remotely doesn’t always mean working from home. Employees might take their laptops to coffee shops, coworking spaces, or other public settings.

That flexibility is one of the advantages of remote work. A change of scenery can boost focus and productivity. Plus, if you can take your work with you, you can get things done in waiting rooms and restaurants.

Working at a restaurant

No matter where your employees work, they need to access and share data. Using a VPN makes that much more secure, especially on public wifi.

A VPN is a means of providing more secure connections over distance. Using a VPN is like putting a tunnel over the road along which your data travels. No one from outside can view or access the information while in transit.

You might already use a VPN for some things. If so, consider giving VPN access to your entire team. Your IT department or your current VPN software provider can help you get set up.

If you haven’t used a VPN before, it’s not difficult to start. There are lots of providers out there. Do a bit of research and you’ll quickly find the right solution for your company.

4: Coach your team about cyber security

Training is not optional.

Scammers and hackers are more likely to exploit bad practices than software weaknesses. When your team works in the office, you expect them to stay vigilant about things like phishing emails, printing things with private data, and allowing access to third-party vendors.

You should expect the same care when you’re managing a remote team. Coach your staff on the basics of cybersecurity so they know how to stay safer.

Cybersecurity training is particularly important during the current crisis.

Your employees might have never worked remotely before. They’re under extra stress as they manage change in all areas of their lives. They need your support to learn how to work securely and keep it top-of-mind when there are so many other things to think about.

Explain the security standards in your work from home policy. Emphasize why they matter. Some security practices feel inconvenient, so make sure your team understands the risks and prioritizes security.

You should also cover general best practices for data security. Talk about phishing scams, DDoS attacks, and other commonplace threats.

5: Create training and policy documents

Put all of the stuff we’ve just discussed together and you have a framework for your remote security policy. Your next step should be to write it down and make it official.

Depending on your company size, you may need to involve HR at this stage. They’ll be able to draw up the new policies and procedures. HR will then be responsible for sharing the new information and providing any necessary training. Smaller companies should distribute the new policy documents through management.

Organize documents wisely

Keep documentation where it’s easy for employees to find. All of your important processes and procedures should be well documented and stored where they can be easily accessed. You can’t expect people to check the guidelines if it takes 30 minutes to find what they need.

The easier it is to find specific information, the more likely your employees will actually use your policy documents.

Organize documents so that they can be used as a quick reference. Break them into sections with procedures for common scenarios like installing new software or adding an outside vendor to a Slack channel.

Creating your document library will continue to pay off for years. The principles of secure remote work won’t change once the virus has receded.

Getting policies and procedures in place now gives you options. It means you could extend remote work even after your office opens again, and it makes onboarding new employees easier whether you’re hiring remotely or in an office.

Final thoughts

Data breaches and cyber attacks can cripple a company, especially when it’s already vulnerable. Take extra care with your security while your team adjusts to remote work.

Your remote team can and should work productively through the pandemic and beyond. You may even find that your team is happier and gets more done now than ever before. Manage security risks appropriately and you can get the most out of remote work.

About the author

John Allen is the director of global SEO at RingCentral, a global UCaaS, VoIP and video conferencing solutions provider. He has over 14 years of experience and an extensive background in building and optimizing digital marketing programs. He has written for websites such as Hubspot.

Subscribe to the Hubstaff blog for more posts like this

Category: Management