Does Your Company Need To Rethink Its Data Security Policy For Remote Workers?
The COVID-19 pandemic forced many California employers to embrace remote work for their employees. Even as vaccination numbers rise and new COVID case numbers decrease, remote work may be here to stay for many of these businesses. While technology makes it easier than ever for employees to do their jobs from home or some other location outside of a traditional office, employers need to be aware of the data security risks that come from the remote working lifestyle.
Tips for Working Securely Outside of the Office
We have all seen news articles about data breaches affecting employers. Indeed, every week it seems that some business or public agency is the subject of a “cyber attack. ” Many of these breaches occur because the employer failed to implement or enforce proper data security policies. While such policies are necessary for any kind of business, companies that continue to embrace remote work need to be especially vigilant when it comes to protecting sensitive client, employee, and other business information.
First and foremost, every employee who works off-site should be required to sign a Remote Work and Access Policy. Among other items, such a policy must make clear that an employee who works from home or another remote location will take any “reasonable steps” necessary to protect your company’s data. Some of these steps are just common sense: Do not leave sensitive documents open or lying around where non-employees–including family members–can see them. Similarly, an employee should not conduct company-related business where others outside the company can listen to conversations.
Here are some other items your Remote Work and Access Policy needs to address:
- Using a secure Internet connection. An employee should never use an unencrypted wi-fi network to access company files remotely. Any home wireless network should be password protected for access. If employees plan to work at remote locations outside the home, they must use a virtual private network (VPN), preferably one that has been vetted and approved by your company’s IT department.
- Practicing proper password hygiene. We have all seen employees in the office who write passwords down on a post-it note and stick it to their computer monitor. Obviously, this is not a good practice. Similarly, many employees just use the same password for multiple accounts. This has never been acceptable as a data security practice, and should never be a practice for remote workers. All employees need to have unique, strong passwords for each of their work-related accounts, and they should use a password manager to help them keep track of passwords securely.
- Using two-factor authentication. Even using strong passwords is often not enough. After all, a password can still be copied or stolen from a careless employee. For that reason, many on-line services now offer two-factor or multi-factor authentication, which typically requires a separate PIN number sent to the user’s cell phone via a text message or authenticator app. The latter is generally regarded as more secure.
- Encrypting files. Modern operating systems, including Windows 10, make it possible to encrypt the contents of a computer’s internal drive. This means that if an employee’s laptop is stolen or misplaced, a third party still cannot access the data contained without a separate password. When available, encryption should always be the default for any company machine that is used off premises.
Contact a Coachella Valley Employment Law Attorney Today
More than a year into the pandemic, many California business owners are still struggling to adopt new policies and procedures regarding remote work. If you need legal advice in this area from a qualified Riverside County & Coachella Valley employment lawyer representing employers, contact the Law Office of Karen J. Sloat, APCtoday.