More and more organizations are embracing flexible work hours and telecommuting arrangements. But, like a double-edged sword, this paradigm shift has also intensified concerns over access to sensitive information that should remain safeguarded within the confines of the physical office.

You may be pondering:

  • Are mobile devices such as laptops, tablets and USBs adequately protected?
  • What guidelines should staff be observing as they take home corporate information assets?
  • How will we know for certain who is connecting remotely to the corporate network?
  • How secure is sensitive data being transmitted?
  • With whom is information being shared and collaborated on virtually?
  • How should we handle data breach incidents and their possible impact on our business continuity?
  • More importantly, how can staff be quickly sensitized to embrace a culture of information security?

Here are 20 best practices to consider:

  1. Encrypt all mobile devices (laptops, tablets, smartphones, USBs, etc.)
  2. Enforce strong passcode authentication
  3. Lock down laptop ports or enforce saving data only to encrypted removable media
  4. Install antivirus and anti-malware software and keep it updated
  5. Perform daily antivirus scans of devices and on-demand scans of files from external sources
  6. Install desktop firewall and the latest operating system patches
  7. Review all users with local administrator privileges
  8. Use an anti-theft cable locking mechanism to physically secure laptops from theft
  9. Ensure data can be remotely wiped if devices are stolen or misplaced
  10. Ensure data is transmitted only over an encrypted, secure channel (e.g. VPN and HTTPS websites)
  11. Use multi-factor authentication for all remote connections to the corporate network
  12. Use a Wi-Fi Protected Access (WPA) access point to connect to the Internet and disable access when not in use
  13. Always authenticate attendees in virtual meetings and manage how information is shared
  14. Observe security protocols of the office at home as best as possible
  15. Always store devices and documents in a secure place within the home
  16. Where possible, store only minimum data required and shred documents before disposal
  17. Establish clear incident handling guidelines and procedures
  18. Have formalized information security policies
  19. Ensure user awareness training is provided on a regular basis
  20. Review IT Security strategy and Business Continuity Plans to ensure they remain applicable and viable

Failing to implement these minimum measures can virtually swing wide the “front doors” to your most critical assets and trade secrets.

For more information on standards and best practices please contact our trusted advisor, KPMG in Jamaica at MarketsJM@kpmg.com.jm or contact Shawn Christie, IT Advisory Partner at 876-922-6640.