A few years ago, a company one of my colleagues worked with encountered a serious problem. One of their remote workers had their computer hacked. Lots of secure information was exposed and some people were even doxed.
This is a nightmare that no company wants to go through. The good news is that you can prepare for it with the right measures.
Developing a Remote Worker Security Plan
The Gallup State of the American Workforce Report showed that 43% of Americans telecommute at least one day a week. This is forcing employers to rethink how they manage their employees when they aren’t in the office.
Remote working is changing our economy in tremendous ways. Some of these changes are good, while others are a cause for concern. One of the biggest downsides of remote working is that remote workers can cause security risks if they aren’t careful.
It is your responsibility to develop a security compliance plan for all of your remote workers. Here are some things that it needs to include.
Make Sure Other People in Their Home Can’t Access Sensitive Documents
Most security policies focus on stopping hackers from gaining access to their machines. Unfortunately, other people that share computers with the remote employee could also get access to them. One poll showed that 21% of employees shared a computer with someone in their household.
In many cases, this isn’t a particular cause for concern. The content your remote employees have access to may only be of interest to your direct competitors, which is the reason that you had your remote employees sign a non-disclosure agreement.
However, there may be other circumstances where they have access to sensitive content that is of interest to the general public. This could include classified information that will influence security purchasing decisions or lead to the possibility of a customer boycott if it isn’t released carefully.
Make sure that their computers are properly secured
If employees use their computers to handle sensitive documents, you have a right to insist that they are secure. Here are some things that you can mandate:
- Their computers must have up-to-date malware protection.
- They need to have patch management solutions in case flaws in their software has security flaws.
- They must update their operating system, browser and Windows Defender software frequently to resolve security flaws.
These standards can minimize the risk of a security breach considerably.
Consider prohibiting employees from regions with high fraud risks
There are talented workers all over the world. However, there are unfortunately some parts of the world where fraud is a higher risk than others.
One person I know that wanted to work with Maxbounty (a CPA network that is a subsidiary of Facebook) discovered this when they applied for an account to work as an independent contractor. They denied their request to join the network because they came from a part of the world with a high risk of fraud.
You need to be realistic about the security risks associated with contractors from some parts of the world. If they are too high to merit the risk, then you need to consider being more restrictive with the localities of your workers.
Use monitoring tools
You should consider using monitoring tools to send a message about compliance. This may make your employees feel untrusted, but it is still better than taking the risks that they may do something that leaves your company vulnerable.
A lot of tools like Time Doctor and Hive Desk are great for employee monitoring. They can let you know if your remote employees are spending time on social media or doing their wedding planning when they should be at work. You may be tempted to avoid monitoring these activities if you feel that your employees are doing their jobs well. However, you need to consider that they may unwittingly be engaging in online activities that leave your company vulnerable to cyber-attacks.
What happens if they visit adult or torrent sites that are frequently contaminated with malware? They could end up with a keylogger or tracking device, which exposes all of your company secrets.
Of course, some of these security risks are going to be present if they engage in these activities off the clock. You need to decide what is a reasonable expectation. You can’t really expect them to only use the computer they bought with their own money for your work. You also can’t expect them not to engage in these activities off the clock.
One option is to pay for the computer they use and insist that it can only be used for work purposes. It will be reasonable to track all activities on a computer that you provided with the company’s budget. It will also be better for keeping employees on task since they would need to go to another machine if they wanted to browse non-work-related sites at their leisure.