A Risk Manager’s Real Guidelines for Work-From-Home Employees
During the coronavirus crisis that’s forced so many companies to abruptly become light on their feet in so many ways, it’s important for them to put proper policies and procedures in front of their suddenly much bigger work-from-home workforce.
A Gallup study in 2017 found that 43% of American employees already worked from home with some frequency, so many HR departments and risk managers already know the ropes in this area.
One person here at Mitratech who’s had to manage that challenge? Carly Franks is our Senior IT Security Risk & Compliance Analyst at Mitratech, and a resident expert in the policies and procedures that apply to us all. She’s also one of the nicest people you’ll ever work with, which is a wonderful quality to have in a person who’s responsible for enforcing the rules. And during a time like this, those rules remain important – and in some cases, they’re more important than ever.
For some, only one thing changes
As Carly points out, once a person begins to move outside the safety net of his or her company’s corporate infrastructure, they and everyone else need to be reminded of any specific policies that still apply. At Mitratech, we follow an Acceptable Use Standard and Work Environment Standard , and provide everyone with some security awareness practices.
In many cases, the only thing that’s changed for an employee is geographic location and the fact s/he is “working in your pajamas rather than whatever you would wear to the office,” Carly says.
Based on our own policies, here’s a list of the basic rules that employees at a typical company ought to be following as they begin working remotely.
The employee policy dos and don’t of working remotely
First off? They need to be aware of where they’ll be working, and who and what may be around them in that environment:
- Will people able to see over the employee’s shoulder or eavesdrop on conversations? The should position themselves so that’s not possible.
- Is their Internet service public WiFi? It might not be advisable to carry out company business over public WiFi without additional security controls in place.
- How will their laptop and any company data, whether in document or electronic format, be kept secure from unauthorized access, loss, or theft?
They should be cautious about use of email:
- They should have a heightened awareness about emails received; if it’s not from a familiar and verifiable sender, or otherwise doesn’t fit into your normal email patterns, question it. Even if it does seem to fit, be alert to any anomalies that might indicate it might not be what it appears to be.
- If they receive an email from a known contact asking the employee to do something, it doesn’t hurt for them to reach out to the sender for veritification by texting or calling them, or emailing them at a known second address of theirs.
Employees should use company-issued devices only for company work:
- They shouldn’t visit sites using company equipment for any non-business purposes.
- What’s this include? Gambling, gaming, online shopping, or other entertainment purposes. They especially shouldn’t visit any sites containing obscene, hateful, or other objectionable materials.
They ought to be careful with printing, or anything printed:
- They shouldn’t dispose of any paper or documentation that contains company business information in a trash can; they can bring it back to the office so it can be properly destroyed.
- If using a copier others use, a remote worker has to remember to not leave document originals on the glass or in a tray, and if they have to output anything using a printer others can access? They must sure its buffer is cleared of any data when done.
And, of course, observe sensible digital security:
- An employee should conduct the company’s business using company-issued devices, unless otherwise approved.
- Password protection is mandatory for any work related to the company’s business, including any removable media containing data related to the company’s business or that of its clients.
- They should ensure that any work carried out remotely is saved on the company’s system or is transferred to it ASAP.
- See the printer tip above: if they’ve got to use any third party IT device for company work, they must make sure their files or data get deleted.
- If a laptop, tablet, mobile phone, memory stick, or other portable device with company data on it is lost or stolen, they’ve got to immediately report it to IT.
Making the most of a unique situation
There’s a new level of responsibility and trust being invested in employees who are are working strictly from home. It’s a great opportunity for them to be proactive and independent, yet collaborative as never before, and to learn new things. Like what top to buy for all those Zoom calls.
It’s a chance for your staff to rise to a very unsual and challenging occasion. If your team is anything like the one at Mitratech, we know they’ll be equal to the job. Especially this guy.