What an effective remote work policy should entail

Nowadays, office staff aren’t content with sitting inside a cubicle for eight to nine hours and then travelling home just to repeat the cycle again the next day. Because tech now enables them to accomplish the same amount of workload anywhere there is an internet connection, doing the job from home (and skipping the long commute to the office) is becoming more and more popular.

This setup presents many benefits for employees. According to researchers at the University of Guelph’s Regional and Rural Broadband (R2B2) project, the average southwestern Ontario resident will save $12,000 a year by working from home three days per week. It helps with out-of-pocket costs such as fuel, car maintenance, and insurance. However, as with any privilege, some controls and rules have to be set, which is why it’s important to have an effective remote work policy.

Implementing a successful one means placing security at the forefront of your strategy. This ensures that despite the new setup, your employees won’t leave company data vulnerable to breaches.

Here are some things to consider when creating your remote work policy:

Access control

Your company’s files are confidential and must be protected from the eyes of unauthorized parties at all costs. Also, with most corporate desktop applications shifting to the cloud, there’s also no need for your employees to be limited by your in-house network. It has now become important to maintain control of your data by knowing who has access rights and where the information is travelling to.

Start your access management policy by enforcing multifactor authentication (MFA) on your company accounts. MFA makes account holders use more than one means of verifying their identity. For example, after your employees enter their password, they will be prompted to enter a code that’s been sent to their smartphone or confirm their identity over a personal mobile device.

You’ll also need to implement strict remote monitoring, auditing, and reporting to know who’s accessing your resources and where they’re accessing the assets. This way, you can be sure that no third-party entity is seeing, accessing, and modifying your data.

Mobile device management (MDM)

With technology being increasingly mobile these days, personal smartphones, laptops, and tablets are now viable alternatives, opening up the opportunity for better flexibility and reduced hardware costs.

To implement a mobile-friendly strategy, you need MDM. It’s responsible for the administration of portable devices to enforce security rules and ensure that confidential data never gets stolen by hackers.

To ensure security, your MDM policy must give you the ability to do the following:

  • Set password guidelines
  • Configure virtual private networks (VPNs)
  • Install authentication certificates
  • Disable features such as cameras and GPS
  • Remotely format devices
  • Detect missing patches
  • Ban jailbroken and rooted handsets

It’s also helpful to have complete visibility of the master list of all devices registered on your network, whether they’re personally or company-owned. This helps you have better control of who sees and accesses your data.

Virtually partitioned personal devices

When your employees use their own personal devices, their productivity increases while your operational costs are reduced at the same time. However, you also need to ensure that your data stays within your network.

Let’s say that one of your employees is working on a confidential project on their personal device connected to a public Wi-Fi network. These networks do not have the proper security protocols, making them vulnerable to hackers. Cybercriminals are also well aware that end users don’t typically install security patches, so they take advantage of software vulnerabilities as an attack vector to steal sensitive information.

One of the most effective ways to implement a bring your own device (BYOD) policy is to deploy “virtual partitions.” This compartmentalizes work-related data from personal information, and can be remotely managed and wiped as necessary (e.g., for when an employee leaves). Moreover, you can also ask users to connect to your corporate VPN whenever they need to access your cloud-based resources.

Remote working shouldn’t become your business’s kryptonite. Here at Dyrand, we take care of your organization by offering a comprehensive MDM program that reduces costs and increases the security of your data. Give us a call today to know more!