Why are employees working at home a security risk?

Working at home became the norm for thousands of employees who would usually have adhered to strict guidelines and security measures in their normal workplace. However, these security measures were not applicable, or not enforceable, when working remotely from home. Employees were often using unsecured personal devices to access company systems and corporate data.

Many recent cyber security surveys have identified that criminals have recognised that organisations' security measures are being unintentionally compromised by remote-working employees, providing an opportunity for criminals to gain access to corporate systems.

Financial services professionals and others admit to not following safe data security practices while working remotely, as there is less monitoring and a more relaxed working environment. Organisations put measures in place to protect systems by providing support and secured company devices to employees; however, many employees were expected to use their personal IT equipment, or to buy new equipment, to enable them to work at home effectively.

However, organisations are still expected to address the UK regulatory, compliance and cyber security risks associated with remote working, along with the expanding use of mobile and collaborative communications technology.

One of the measures that should be used to mitigate these issues, and to manage the risks, is to have a Remote Working Policy that includes guidance on storing sensitive data and devices securely, creating and maintaining strong passwords, and an acceptable use policy for personal internet access. This policy should be agreed and ratified by senior staff, as it may need to be used for disciplinary purposes by human resources.

The Remote Working Policy should fully explain the technical security solutions to be implemented and detail the support provided for their adoption. The policy should also ensure that all employees are fully aware of the responsibility of remote working and the practices that they need to put in place. The policy should identify the equipment and technology required for working at home, including the security measures to be adopted, for example, secured Wi-Fi, firewalls, VPN, etc. There should be an identified provision for communicating with other colleagues via Teams, Zoom or similar, and instructions for employees clarifying their working at home responsibilities with respect to work schedules, regular contact requirements, and health and safety issues.

A robust Remote Working Policy will provide a measure of mitigation of the risks associated with working at home and will help to ensure that the required regulatory and compliance issues are addressed.

If you would like to learn more about the UK regulatory and compliance risks and how they can be mitigated, then please click here to contact GCAL.