Five ways to ensure remote working security and compliance
A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security.
Even in countries where the effects of the Covid-19 pandemic are decreasing, hybrid ways of working – between the office and employees’ homes – have become the norm for many, if not most, organisations. And that means it is an absolute priority to secure systems used across on-premises and remote locations.
In this article, we look at five key things to do to ensure compliance and security as workforces begin to return to the office, but with the assumption that some level of remote work is here to stay.
1. Evaluate your compliance and security systems
Many organisations implemented radical measures when suddenly faced with the fait accompli of a remote workforce. Decisions may have been spur-of-the-moment and, more than a year later, the tools deployed in those situations could have become quite widely adopted.
Now these platforms – notably in messaging, video-conferencing, collaboration, remote support and data storage – need to be re-evaluated with regard to compliance, data confidentiality and security principles such as integrity and availability.
2. Be aware of security at all times
When employees were overwhelmingly office-based, it was possible to remind them constantly of the importance of security by means of visual forms of communication around the workplace. To continue that in a situation of hybrid working, these reminders need to be transmitted virtually into the homes of remote workers.
Gamification, for example, is one method that can reinforce sensitivity to security and help form good practices.
3. Extend the risk perimeter
With many employees choosing to work from home permanently and only occasionally come into the office, their home becomes part of the risk perimeter for the organisation. So it is essential to extend a policy of zero tolerance to any connected hardware, such as smart TVs, internet-connected fitness equipment, intelligent speakers, cameras, and so on, at the employee’s home.
Also, consider making a virtual background mandatory for employees on video-conference calls so that third parties can’t see the homes of staff members and potential ways in. You can also help your workforce to separate their networks so that domestic appliances live on a distinct sub-network to that of their professional hardware. Try to see the homes of employees as an extension of the enterprise network.
4. Establish uniform policies for employees at home and in the office
When working between the office and employees’ homes, the physical security perimeter no longer exists. So, in terms of security, staff members on-site must be afforded the same level of confidence – zero – as those in the remote workforce. That means that a VPN, if deployed, must always be used across all locations.
Multi-factor authentication is equally indispensable. Meanwhile, keep a constant eye on the hardware and habits of users in order to establish a coherent policy to govern alerts and responses.
5. Back up, back up again and test it regularly
You really have to make sure that data generated by remote workers and those on-site is backed up – and, critically, that backups are tested regularly. That includes data resident on staff portable hardware, as well as data stored in the cloud.
With the number of ransomware attacks on the rise, it is essential to be able to guarantee that activity can continue if you are hit. If your organisation has the financial means, it is worth storing primary and backup data in different clouds.