29 Jul
Making sure you’re covered: HR’s role in managing remote work risk
Social distancing brought about by the COVID-19 pandemic forced companies everywhere to shift to remote work. However, the preparedness of organisations for the realities and risks of remote work differed greatly. Companies with existing WFH policies transitioned to the new reality quite seamlessly. For other companies who were less prepared, it has meant opening themselves up to significant IT risk. Whichever camp your organisation falls into, HR leaders should be prepared to influence policy that can mitigate the risks associated with remote work.
A remote workplace carries information security hazards that aren’t present in a traditional work environment. In the scramble to continue working from home-based setups, employees have been using their own devices (BYOD, Bring Your Own Device), connecting over unsecured networks, accessing confidential and sensitive information remotely and missing regular risk and compliance training due to the disruption to regular work.
According to a recent report by Forbes, there are four crucial areas of information security to be managed with remote workplaces: employee training; policies to protect information security; secured resource access; and mobile device management.
The good news is that governance of all of these areas can be influenced by sound HR policy. It is in the power of HR leaders to ensure remote workers aren’t inadvertently putting the greater business at risk through costly information security lapses.
Here are five areas you need to be across when setting policy for a remote workforce:
Policies to protect information security
For HR leaders, creating policies that protect IT security should be a critical first step. HR leaders should lobby for the resources needed to build security programs, which will likely entail the acquisition of new technologies, introduction of new HR policies and development of quality remote training courses.
Perhaps most importantly, HR leaders should enlist the support of colleagues in IT to understand risks and how these can be managed. Or, consider leveraging the expertise of consultants if internal information security expertise is lacking. Protecting information security starts with robust policies which HR leaders are critical to establishing.
Committing to employee training
Users need to be educated about the potential security risks of their actions and how these actions can compromise their employers’ networks. A recent whitepaper by Cisco Systems revealed that a significant number of employees engage in risky behaviours, including using personal devices for work without worrying about safety and allowing other people to use their work computers.
Despite these admissions, the majority of remote employees still believe they’re working securely. This signals a disconnect between understanding the importance of security and the ability to implement critical security measures. To bridge the gap, HR leaders must establish remote training and education programs informing all employees of security best practices and provide the tools and support to put them into operation.
Establishing a Secure Environment
Unsecured networks, such as those in a home environment, are a security concern. Without the robust on-site networks that organisations invest in, company data is open to compromise. To mitigate the risks associated with unsecured networks, companies can set up and require the use of a VPN for remote work.
VPNs are not complicated to implement and enforce, as these networks don’t have the potential to compromise employee privacy and don’t restrict where remote employees can work. Reliable VPNs offer end-to-end data encryption and shield IP addresses to increase security on all types of connections.
Mobile device management
While employers routinely monitor their employees using company equipment, it gets a little stickier when employees are using their own devices. The way around this is to install technology that allows access to necessary documents and applications, and also monitors security.
For example, companies can require that employees install mobile device managers to access corporate documents. These device managers essentially create a sandbox within a device where all corporate information resides. If a phone is lost, the company can wipe sensitive corporate data from the phone, leaving the personal information intact.
Although it may sound intrusive, employee monitoring is very common. HR leaders can address employee security concerns and productivity by using a variety of monitoring technologies. These include video, audio and screenshots.
Monitoring software helps employers understand what users are doing with company time. This includes ensuring employees are being productive and are maintaining the same level of in-office security while out of the office. HR leaders should be across the types of productivity and security monitoring taking place in their organisation and ensure they are making the most of available data to shape future policy.
In summary, without being IT experts, there is a lot that HR leaders can do to ensure their organisation is not exposing itself to risk through remote work. This is about strong policy, regular training and collaborating with colleagues in IT. Make sure you’re covered by playing an active role in the management of remote work risk, and your organisation will come out of the pandemic stronger and more secure than before.