Not Every Virus Can Be Prevented By Working from Home
The acceleration of technology in the early millennium caused many employers to wonder when a remote workforce may become the norm. For a variety of reasons, this never came to the fruition that many predicted. The COVID-19 virus has changed the working environment and has created novel problems of its own for employers – front of mind for many is IT security.
This transition has created many questions. Among them: How do I protect my company’s information? Will my employees remain productive? How much will this cost? At a time of uncertainty, this burden falls on leadership teams which may have limited resources and expertise in this area. COVID-19 may be the virus your employees could bring to work, but clunky IT implementation and procedures will lead to infection of technology-based viruses from home.
IT BEST PRACTICES FOR A REMOTE WORKFORCE
Utilize Company-Issued Equipment
Many dollars are spent every year to ensure that information is kept secure and private. This includes firewalls within networks, segmentation of data, encryption on company-issued devices, and virtual private networks for employees working away from their office locations. These are often implemented behind the scenes so employees may not realize how secure their working environment may be.
It is critical to work with your employees to make sure they understand the importance of always using company-issued hardware (i.e., laptops, monitors, printers, mobile devices) while working from home. The internet connects individuals to their network environment and company-issued hardware is equipped to keep that connection safe and offer virus protection. If there are employees who have not been issued hardware and portable devices, it is critical to require that they are utilizing a VPN (Virtual Private Network) to access data and systems. For those who are engaging in “Bring Your Own Device” policies, ensure that there is oversight regarding which applications are being used and how they are being used.
Work-from-Home Policies
Employers have learned many times over that employees may not always instinctively choose to do the right thing. Dress codes and employee handbooks have become standard in the workplace, and so should your work-from-home policy. This policy should be comprehensive to provide your employees with guidance on how to utilize company technology appropriately and how to secure their own technology against a virus. Include a password policy with suggestions and examples of “good” passwords. Provide clear documentation about work hours and flexibility around those work hours. Malware (malicious software) is often downloaded when employees are distracted. Providing flexibility to employees managing a new working environment will allow for better focus during their working times.
Thoroughly Vet IT Vendors
Many organizations utilize outside vendors to help solve some of the challenges of a remote workforce or changing customer experiences due to COVID-19. Most notable is the extensive use of virtual meeting platforms for internal and external purposes. Unfortunately, many meetings were “bombed” by third parties able to gain access with embarrassing and disastrous effects. Make sure your outside vendor is password protected and understand their privacy policies before going live.
Companies are also finding they need new ways to take client payments, as they work toward offering increasingly contactless services. Virtual payment systems and online payment processors are more prevalent than ever, and preferable to many customers. When engaging with these vendors, educate yourself on how payment card systems work. Are they chip-enabled systems? Are you able to take mobile payments? Is end-to-end encryption utilized? Most importantly, understand how your customers’ information is being stored. If you are retaining any of this information, you may be liable for the breach – even if the breach occurred on a third party’s network. Understand upfront what contractual indemnification you may have in the event of a breach of their systems.
Keep Up with Training
IT security experts universally recommend employee training during normal times. Your staff may need this education more than ever. There are multiple reports in the media of malware exposure due to legitimate looking emails regarding COVID-19. Ransomware exposures continue to evolve and become increasingly sophisticated. Make sure your employees know how to recognize a fraudulent request, and what to do if they suspect they have found one. Continue to engage with your IT vendors to provide this training, and provide updates on your own when you see or hear this information in the news.
Review and Inquire about Insurance Coverage
Make sure to review your insurance policies to understand where coverage may or may not lie in regard to your remote workforce. Does your insurance coverage extend to third party system providers? Does it require a formal work-from-home policy? Does your policy respond to breaches or virus exposure occurring on employee-owned hardware? A comprehensive cyber policy will respond to these scenarios, and the marketplace continues to evolve matching the evolution of the exposure.