
Six Essential Steps to Secure Employee Remote Working

Many organizations have taken a leap into the unknown by migrating employees to work from home to keep their employees and customers safe from COVID-19. Employees' home environments are not set up with security in mind and present an attractive target for cyberattacks. It is therefore critical for organizations to support remote staff with all the tools necessary for seamless operations.

  1. Tighten up Access to Company Data. Companies should ensure that all connections to their information systems are secure, for example through a virtual private network (VPN) or virtual desktop. Not every employee has secure Wi-Fi, so require employees to use a VPN to reduce the risk of cyberattacks. Employers should limit employee access to only the information they need to do their job, following the principle of least privilege (POLP). Companies should also consider implementing two-factor authentication for accessing company networks and systems. That way, if an employee falls prey to a phishing email and their email is compromised, two-factor authentication would prevent the phisher from accessing other company information.
  2. Inform Employees on Patching. Companies should ensure that critical weekly software, antivirus, and malware update patches are up to date. Communicate with employees to ensure that any home systems used to connect to company systems have up-to-date antivirus and malware protection. Companies may want to send weekly reminders to employees to be sure patches are kept up to date.
  3. Ensure compliance with new data privacy laws. Remind employees about their obligations in handling personal and proprietary data. Request that employees avoid transferring any sensitive information via email. Provide employees and vendor partners with a secure portal or FTP site to transfer any sensitive or proprietary information.
  4. Update Your Data Regulation policies and documentation. When introducing new technologies into your operations, organizations are mandated to assess the risk to data subjects' data. Here are a few of the requirements:
    1. Data mapping
    2. Contracts
    3. Privacy Policies
    4. 3rd party processors/controllers
    5. DPIA (if risk is high)
    6. Employee awareness/training
    7. Check with your business insurers
  5. Dust off your Disaster Recovery and Business continuity policies. Even the best operational plans can go awry, so having your DR and BC plans in place, with the team knowing what to do and when, is critical to ensuring data protection and limiting business interruption.
  6. Be Prepared to respond to a data security incident. Companies should anticipate cyberattacks, including reviewing the Security Incident Response plan and confirming cyber insurance coverage. It's critical to monitor for security incidents proactively, including monitoring the network for spikes in activity, unusual credential activity, or different IP addresses. Provide employees with a telephone number to call about any suspicious data security incidents.
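
Step 6's advice to watch for unusual credential activity and different IP addresses can be turned into a simple check over VPN authentication logs. The following is an added example, not part of the original article: the log format, the `KNOWN_IPS` baseline and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample VPN authentication log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2020-04-06T08:58:10Z user=alice src=198.51.100.20 result=OK
2020-04-06T09:01:02Z user=bob src=203.0.113.45 result=FAIL
2020-04-06T09:01:09Z user=bob src=203.0.113.45 result=FAIL
2020-04-06T09:01:15Z user=bob src=203.0.113.45 result=FAIL
2020-04-06T09:01:21Z user=bob src=203.0.113.45 result=FAIL
2020-04-06T09:01:30Z user=bob src=203.0.113.45 result=FAIL
2020-04-06T09:02:00Z user=bob src=203.0.113.45 result=OK
2020-04-06T11:30:00Z user=alice src=192.0.2.77 result=OK
not a log line
"""

# Assumed baseline: source addresses each user has logged in from before.
KNOWN_IPS = {"alice": {"198.51.100.20"}, "bob": {"198.51.100.31"}}

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(OK|FAIL)$")

def parse(text):
    """Yield (timestamp, user, src_ip, result) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect(events, known_ips, max_fails=5, window=timedelta(minutes=5)):
    """Return alerts for failed-login bursts and successful logins from new IPs."""
    alerts = []
    recent_fails = defaultdict(deque)  # user -> timestamps of recent failures
    for ts, user, src, result in sorted(events):
        if result == "FAIL":
            fails = recent_fails[user]
            fails.append(ts)
            while ts - fails[0] > window:  # drop failures outside the window
                fails.popleft()
            if len(fails) == max_fails:  # alert once when the threshold is reached
                alerts.append(("FAILED_LOGIN_BURST", user, src))
        elif src not in known_ips.get(user, set()):
            alerts.append(("NEW_SOURCE_IP", user, src))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG), KNOWN_IPS):
        print(alert)
```

A failed-login burst followed by a successful login from the same unfamiliar address, as in the constructed data for `bob`, is the combination most worth escalating to the incident response contact.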

See how Relentless Data Privacy Services can help your organisation
