What technology risks are associated with temporary homeworking?

What technology risks are associated with temporary homeworking?

 

This Q&A explains the main technology risks associated with temporary homeworking and suggests some risk mitigation measures you may wish to consider putting in place.

Temporary homeworking in situations such as a pandemic (eg coronavirus (COVID-19)) will present staff with new challenges and an unfamiliar, often stressful, situation. To protect you, your staff and your customers/clients, you should:

  • introduce and communicate sensible and pragmatic security arrangements that support you and your staff while using remote IT systems, and

  • consider giving staff simple how-to guides for your systems and programmes to help them adapt, particularly for staff who have not routinely worked remotely before

Working outside a secured office presents some additional challenges for management too.

Increased risk of theft or unauthorised access

Staff may be more likely to have devices stolen when they are away from the office, and there may also be an increased likelihood that someone who is not authorised to access a device or system could gain access to information on your devices, or use them to access your work systems.

There are several steps you can take to keep your devices safe when they are not in the office:

Reliance on BYOD

Sometimes a move to mass homeworking is made necessarily rapidly, eg in response to a pandemic situation and resulting government instructions to work from home. Many staff in this situation may need or want to use their own devices rather than work-issued machines, at least temporarily. These can be less secure.

You should ensure your security controls can be applied to any device your staff members are using. As with protecting your work devices, this presents challenges. Key security aspects you should consider include:

See further Practice Note: Bring your own device (BYOD) and Bring your own device policy—checklist.

Cybercrime

You must make sure your staff can securely access your IT resources. The best way to do this is with a virtual private network (VPN) from a reputable provider.

Remember:

  • make sure your systems are protected against ransomware and other malware

  • backup your important data to protect it from loss due to an accident or a cyber attack

  • restrict access to your backup, and

  • ensure you know how to restore your system from a backup

For more guidance, see Practice Note: Pandemic (COVID–19)—information/cyber–security—considerations and resources—law firms and Q&A: What cybercrime risks do I need to consider during a pandemic (eg coronavirus (COVID-19))?

Staff awareness

This might be a good time to update your staff on the technology risks associated with working from home.

Make sure staff know the importance of keeping software and devices up to date.

Make sure they know how to report any problems or breaches to you—see Precedents: Cybercrime prevention strategy and incident management plan and Training materials—information management and security.

Use training and awareness to help build a positive and blame-free culture of reporting, where staff feel comfortable raising issues and concerns. Training and awareness tools you may wish to use are peppered throughout the guidance above. They are listed here for convenience, along with some additional tools you may find helpful in raising staff awareness of the issues and providing training:

Related Articles:
Latest Articles: