Working remotely has proven to many companies that working from home — in many cases — can boost productivity, save money and make employees happier. There are lots of positives to be sure, but it is important to not overlook the negatives. Data security is the main concern. Here are some data security challenges remote workers need to address.

Weak security at home
How are your home workers accessing the internet? Do they use the same security measures you use in the office? Chances are they’re using the firewall that comes with their operating system, and that’s if they even use one at all. They may have a virus/malware security suite, but you have no idea if they keep it updated and run it constantly.

They’ll have cell phones connected to their home networks. Are those equipped with security software? How about all the smart devices a home has like smart speakers, lighting, security cameras, etc.? If a hacker wanted to get into a private home, it may be a lot easier to do so than it would be at your office. To prevent that, have your IT department or a security specialist go to each home office and look at the set-up.

Lack of training or guidance in best practices
Companies need to offer guidance to their employees that cover security training and the best practices to follow. These measures need to be used in the office and within home offices. If your company doesn’t have one, it’s important to get one in place and make sure employees understand and follow the guidelines.

You need to cover several things in a guide to working at home. You need a detailed plan that informs employees of the security software they need to use. You need to address what they should do with electronic devices that no longer work and must be recycled. You have to talk about firewalls, external storage, where to store electronics when they’re not being used and who to inform if there are problems.

At a bare minimum, you need to make sure your employees have firewalls in place, use secure passwords and use a VPN when accessing company servers remotely. Employees shouldn’t send business attachments and confidential information through a personal email account. They shouldn’t store company documents on their home computer. They need to know how to send encrypted messages to you and their co-workers.

Address who is allowed to touch work laptops. You probably don’t want them allowing a spouse or child to use the work laptop while they’re away from their desk. It may seem absurd to have to write out commonsense rules, but it’s necessary.

Use of recycled equipment 
Are you expecting your employees to use their home computers to remotely access work servers? Are they bringing home some of their office equipment and storing it in their home? If they’re using their computers, you need to consider where those laptops or desktops came from and where they’ll go when they’ve outlived their usefulness. When it’s time to recycle them, you don’t want files that are on a wiped hard drive to be recovered and fall into the wrong hands. Make sure you hire a certified ITAD partner who follows protocol designed to destroy hard drives and confidential information.

---

 

Kate Fazzini is Director of Security Operations and Engineering at Ziff Davis; an adjunct professor of cybersecurity at Georgetown University; author of Kingdom of Lies: Unnerving Adventures in the World of Cybercrime and has served as a cybersecurity reporter for The Wall Street Journal and CNBC.

John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company. Business Journal readers can visit eridirect.com/insecurity-of-everything-book/ to receive a free copy of John’s new book, The Insecurity of Everything.