SECURITY FOR REMOTE EMPLOYEES
Best practices for a successful—and secure—remote work arrangement
By Sharon Emek, Ph.D., CIC
Carriers and agencies looking to hire employees already know the problem: demand is much greater than supply. According to a study by The Jacobson Group and Aon’s Ward Group, 63% of companies reported they’d be increasing their staff in 2019.
Yet whether they can do that remains questionable. The national unemployment rate through July 2019 was just 3.7% according to the Bureau of Labor Statistics. For the insurance industry, the rate is a mere 1.7%.
That means plenty of competition for the talent that’s out there. And that’s another part of the problem; there simply isn’t enough talent to go around. It’s a situation that’s going to get worse, according to a Deloitte Consulting report, which reveals that by 2020 the insurance industry will have 400,000 openings.
A number of companies are beginning to look at alternative solutions to help fill the void. Remote workers, often a company’s own retiring or retired talent, are helping solve staffing issues while at the same time keeping overhead costs in check. And when companies re-engage their veteran employees in work-from-home positions, they are able to maintain the same level of service and productivity they are used to. The solution isn’t without its challenges, however. As workers move off site, companies are tasked with keeping data secure. It’s a rather significant cybersecurity issue; however, with proper planning and oversight, companies can maintain a high level of security, even when workers aren’t anywhere near the office.
The remote transition
A high level of security starts before an employee transitions to a remote position. Companies should have a process in place that addresses the following:
- Cybersecurity practices in existence where workers are located
- How to keep data secure
- What level of access to company systems remote workers will have
- How systems will be monitored and policies enforced
Let’s take a closer look at each of these.
Cybersecurity practices for remote workers. Whatever your cybersecurity practices are for in-house employees, they should be exactly the same for your remote workers: no unsecured devices, and no device that is not encrypted or does not have strong passwords. That includes public computers. No company information or documents should be stored anywhere but on company-approved systems. Workers should not save copies on their computers, tablets, or cell phones.
Another good practice to establish is to require all personnel to have a personal email account with a log-in and to not use their company’s email for personal business. Keeping both areas separate reduces the risk of workers sharing the wrong files with the wrong people or creating a security gap that hackers can exploit.
Keeping data secure. Probably the most critical security issue with remote work is how company data and systems remain secure when logging in off-site. Ideally, your worker should be situated in a private location on a secure network that has firewall protection and a strong network password. Company work should not be done at a Starbucks using its internet connection, as it is not secure. If staff travel and need to work at the airport or a Starbucks, they should use a secure mobile hotspot.
Equipment and software must be kept up to date and have current antivirus protection. Security updates should be set to run automatically and checked regularly to ensure that updates are installing correctly.
Passwords should be changed frequently and have a minimum of eight characters, including a combination of capital and lower-case letters, numbers, and a special character. Remote workers should not use the same password for all systems but should have unique passwords for each log-in. Remote workers should not use auto-saved passwords but should type them in each time they log in. Also, since your employees are working from home, they should have a dedicated sign-on, especially if they’re working on a personal computer (PC) that is shared with others in the household. When the workday is over, workers must log out of their account. Workers should understand that client information is confidential. It is up to them to help protect client data.
Access to company systems. Companies should know which systems workers need to access in order to do their jobs. For example, your remote CSR would not need access to payroll accounts but would need access to customer files in order to deliver service. Partitioning your systems and limiting access to sensitive, critical data can reduce the risk of exposure.
Also, caution all workers against saving passwords for management systems and website log-ins on their computers. While it may be convenient to have pre-filled log-in information, it’s a huge security risk. Configure PCs to ask users for passwords at each log-in attempt.
System monitoring/policy enforcement. No matter where your employees work, you should have an ongoing process for monitoring your network and addressing problems as they arise. Likewise, companies should establish regular enforcement and reinforcement of company policies regarding security and cybersecurity. Email reminders, newsletter reminders, memos and such will help reiterate what is expected of your workers, and how they can thwart any security threats they may face.
Those threats include someone physically stealing a laptop. Leaving a device alone to get more coffee or to walk outside for fresh air is a huge security risk. Devices should be in a worker’s possession at all times. Workers should get in the habit of picking the laptop up and taking it with them when they walk away from the table or counter where they’re working. Also, never leave the laptop in an unlocked vehicle. If it must be left in a vehicle, an out-of-sight place like the trunk is the best place to keep it. And of course, public Wi-Fi networks are never private. Use a password-protected hotspot device or the private connection on your cell phone if available.
Additional precautions. Our company, Work at Home Vintage Experts (WAHVE), contracts with hundreds of remote workers. Because these workers are working with sensitive information for our client companies and are accessing our own systems to communicate or share information, we were challenged with building multi-level, multi-layer security to address every vulnerability within that worker’s day.
We start with the basics. Our internal employees and wahves must have the following protections on their laptops:
- Wired network connection, or
- Wireless network connection with a secure Wi-Fi password (no open Wi-Fi)
- Windows OS with up-to-date security updates: Any firewall that comes as part of the operating system must be on and active, and machines should be set to update automatically.
- Up-to-date, paid antivirus, malware protection: We reimburse wahves up to $40 annually for antivirus protection.
- We require our wahves to sign off remote sessions or business applications any time they leave their desks. Also, those working in public places should never walk away from their laptops without logging out first. And laptops should be encrypted to prevent thieves from hacking into them.
We require that workers maintain a secure internet connection. When traveling, they are not to use a hotel’s or coffee shop’s Wi-Fi, which is typically an unsecured, shared connection.
Workers should never write their passwords or log-in details on slips of paper and never affix them to a computer screen. Passwords must be kept separate from the computer. Memorized log-in information is best.
And because some applications (e.g., games, mobile apps, coupon sites) may contain viruses or malware, we caution our workers to know and trust the source of all applications before downloading anything.
Remote security, managed
We also work with clients and workers prior to an assignment to make sure each remote arrangement is successful for both worker and client employer.
Our security procedures include the following:
- Gather and document information on the workstation and connection to ensure it meets baseline standards
- Provide wahves with written instructions regarding best practices for security
- Inspect each workstation remotely to ensure compliance
- Send periodic reminders regarding security and best practices
- Provide continuing technical support for when questions or issues arise
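The documentation and compliance steps above can be checked mechanically against the laptop baseline listed earlier. The following Python script is an added example, not WAHVE's own tooling; the field names, accepted answer words and sample records are assumptions, and a blank or unrecognised answer is reported as a finding rather than counted as a pass.

```python
# Added example; field names, answer words and sample records are hypothetical.
TRUE_ANSWERS = {"yes", "y", "true", "on", "enabled"}
FALSE_ANSWERS = {"no", "n", "false", "off", "disabled"}
ALLOWED_CONNECTIONS = {"wired", "wifi-password"}  # the article rules out open Wi-Fi
# Baseline item from the article -> intake-form field (assumed names).
REQUIRED_FLAGS = {
    "OS firewall on and active": "firewall_on",
    "OS security updates current": "os_updates_current",
    "Automatic updates enabled": "auto_update",
    "Paid antivirus, up to date": "antivirus_current",
    "Laptop encrypted": "disk_encrypted",
}

def as_flag(value):
    """True/False for a clear answer; None when blank or unrecognised."""
    text = "" if value is None else str(value).strip().lower()
    if text in TRUE_ANSWERS:
        return True
    if text in FALSE_ANSWERS:
        return False
    return None

def check_workstation(record):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    connection = str(record.get("connection") or "").strip().lower()
    if connection not in ALLOWED_CONNECTIONS:
        findings.append(f"Connection not acceptable: {connection or 'not documented'}")
    for label, field in REQUIRED_FLAGS.items():
        flag = as_flag(record.get(field))
        if flag is None:
            # Fail closed: a control nobody documented is a finding, not a pass.
            findings.append(f"{label}: not documented")
        elif not flag:
            findings.append(f"{label}: FAILED")
    return findings

# Constructed sample records, not real data.
COMPLIANT = {"worker": "worker-01", "connection": "Wired", "firewall_on": "Yes",
             "os_updates_current": "yes", "auto_update": "Enabled",
             "antivirus_current": "Y", "disk_encrypted": True}
SAMPLE_RECORDS = [
    COMPLIANT,
    {**COMPLIANT, "worker": "worker-02", "connection": "wifi-open", "disk_encrypted": "no"},
    {"worker": "worker-03", "connection": "wired", "firewall_on": True},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["worker"], check_workstation(rec) or "meets baseline")
```

Treating "not documented" as a finding keeps an incomplete intake form from passing as a compliant workstation.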
Recipe for successful remote work arrangements
What all of these security measures have in common is that they vary just slightly from those policies you have in place for your in-house staff. The key for you to work successfully with your remote workers is to understand the following:
- All company electronic data policies still apply
- No use of unapproved devices or storage for company data (that includes cell phones and public computers)
- Follow all policies regarding use of public Wi-Fi
- Follow encryption, password requirements and cloud-based secure storage requirements
- Disconnect when not in use—lose the Bluetooth connection or Wi-Fi connection
As agencies face the challenge of hiring qualified candidates in a shrinking talent pool, they can find opportunity in using remote workers, particularly their own veteran employees who are planning to retire or who have already retired. Through remote work arrangements, many firms can find the talent they need by helping employees transition into work-from-home careers.
Remote work brings security challenges. But with proper planning, companies can establish sound cybersecurity practices that are easily managed. Simple, easy-to-follow steps can help your remote workers reduce the risk of exposure and can keep your business secure and thriving.
Sharon Emek, Ph.D., CIC, is founder and CEO of Work At Home Vintage Experts (WAHVE), a contract-talent solution that matches retiring, experienced career professionals with a company’s talent needs. WAHVE bridges the gap between an employer’s need for highly skilled professional talent and seasoned professionals desiring to extend their career working from home. From screening to placement, WAHVE qualifies, hires, and manages experienced remote talent. For more information, visit www.wahve.com.