Ensuring remote work security
Whereas people normally work from home every now and then, you and your employees may be forced to completely work from home due to the corona crisis. Fortunately, there are plenty of technological applications available (such as working in the cloud, email, and video conferencing) that make it easy for your employees to work from home. But be aware of the risks associated with this and make clear agreements with your employees.
Risks of working from home
Companies often take measures to ensure digital security when working in the office. This includes an antivirus program on all computers, a firewall, a protective wi-fi network, and a separate network for guests. Working from home comes with risks. An employee may be using their (unsecured) private computer that is also used by their children. Or they may not have properly secured the home network, making it easy to hack. This increases the chance that your company data will fall into the wrong hands.
How can your employees work from home securely?
Make clear agreements with your employees about working from home and have a clear policy about this. Here is a list of points for attention for these agreements:
Determine which devices an employee may use
As a company, decide whether you allow the use of private computers – for example, if employees do not have a company laptop. If this is the case, give guidelines that a private computer must comply with. For example, make sure they keep software up-to-date and prevent viruses and malware.
Use strong and unique passwords
Have employees use strong and unique passwords. This also applies to the private equipment that employees may use.
Do not leave computers unattended
At home it is more likely that others (friends, partner, children) have access to the computer, for example to watch a movie or play music. Instruct employees to lock their computers when they leave.
Secure home network
Make sure that an employee sets up their home network securely. Often this is not much different from an office network. The tips for securing a corporate network (in Dutch) can also help to properly secure your wireless home network.
Which services may be used?
There are many public services that make it possible to communicate with others or share data. However, it is unwise to use arbitrary services to share sensitive data. Therefore, make agreements about which services your employees may and may not use.
Working from home with safe technology
Using safe technology can make working from home a lot more secure. Think about:
A VPN connection
A VPN connection (Virtual Private Network, in Dutch) ensures that traffic is encrypted so that others cannot watch or join in. You can set it up in such a way that employees at home can access business applications and data via this secure connection.
Secure web applications
Do you use web applications within your company that can also be reached externally by home workers, such as a CRM or accounting application? Then make sure these are set up securely (in Dutch) by encrypting the traffic.
Two-factor authentication
Applications and data that can be accessed remotely are best protected with two-factor authentication (in Dutch). In addition to their username and password, an employee then also needs a mobile phone to log in.
Licences and capacity
Usually, not all employees work from home at the same time. But depending on the situation, it is possible that all employees are forced to work from home. Therefore, check in time whether the licences and the capacity of, for example, the VPN server can handle this.
Remote desktop
A remote desktop or remote workplace is also often used to enable working from home. For example, an employee can take over a computer in the office from home using a Remote Desktop Protocol (RDP). However, there are risks involved. Often, these techniques (in Dutch) are misused by cybercriminals to spread malware and ransomware. Therefore, opt for safe settings, which is what Basic Principle 2 is about.