As organizations adapt to, and even embrace remote work, enabling productivity without sacrificing security is more important than ever.

Companies need to find ways to allow location flexibility, while also keeping data safe. Though there’s a lot that’s done on an infrastructure level to keep customer data secure, the truth is your company’s data is only as secure as the weakest individual link. Basically, as long as your devices are online, you’re at risk.

To help ensure your company’s security is robust, we've compiled a checklist of security essentials to keep in mind while working remote.

1. Data Protection Policy | Now is a great time to revisit your company’s data privacy and security policies to ensure they are relevant to your new remote work environment. These should include:
   
   • An IT security policy that outlines password management and minimum password standards. Consider what unlock methods are acceptable on mobile devices as well as the timeout period, after which a device automatically locks.
     
     
   • A data breach policy that covers what constitutes a data breach, how to recognize one and the appropriate actions, should a breach occur.
     
     
   • A privacy policy on conducting meetings remotely and sharing confidential information over communication and collaboration platforms, like Teams.
     
     
2. Phishing Awareness | While employees continue to work from home, they may be more vulnerable to phishing attacks. This is why it’s important to continually educate employees and remain alert to the latest phishing scam. This will help you quickly communicate warnings and guidance to employees. Here are some tips to keep in mind and share with your users:
   • Do not respond to emails, SMS or social media messages unless you can verify the sender.
     
     
   • When receiving an email from an unknown sender, don’t click on links or download attachments.
     
     
   • Check for the ‘padlock’ symbol in your browser address bar when visiting a website.
     

Check our of blog on Today’s Top security threats to see what your company should be thinking about.

3. Company Approved Devices | Ideally, your employees should only access company data on devices under your company's control and with a high standard of security. Consider a Modern Device Management solution that will give your IT team an overall control to manage and monitor company-owned devices across all platforms.
   
   This will allow your team to securely distribute, publish, manage and update apps, as well as enforce relevant policies and usage regulations across the devices for improved data and network protection.
4. Security for Company Devices | Company approved devices should be secured by company approved security software. This should include anti-malware software capable of detecting advanced threats such as malware. It may also include password management software to ensure your employees are using sufficiently long and complex passwords.
   
   If you already have security software installed on your office computers, now might be the time to invest in some additional licenses. This will allow your employees to install security software on any personal devices they use to remotely access company data.
   
   Are you a Security Superhero? Take our quiz to find out. 

5. BYOD | When it comes to personal devices, first make sure your Company has a BYOD policy. And secondly, make sure it clearly outlines the ownership of apps and data, as well as the applications that are permitted or prohibited and reimbursement (will the company reimburse employees a standard use fee, pay for certain applications, or a portion of monthly bills?).
   
   It should also outline security requirements for BYOD devices (will the company provide a mobile device security application that must be installed on employee devices before they are granted access to company data or will employees be permitted to choose their own security solutions provided they meet criteria outlined by your IT department?).
   
   Include risks, liabilities and disclaimers, that include company liability for an employee’s personal data, should a device have to be wiped for a security precaution, as well as employee liability for the leakage of sensitive company data brought about by employee negligence or misuse.

Download our security checklist.



Interested in learning more about the hidden vulnerabilities that could affect your business? Send us a note. We’d be happy to provide the support and guidance needed as you progress along your security journey.