business Technology Tips for Creating a Secure Home Office January 26, 2017 There are several best practices for employers and employees when working away from the office—like investing in physical security and antivirus software. The ability to work from home is a prized employee perk offered by many companies. Conducting business remotely may be less regimented than working from the office, but that doesn’t mean safety should be put on the back burner. There are several ‘best practices’ both employees and employers should make sure to follow in order to ensure sensitive information is not compromised when employees are signing in from home. Tips for employees Invest in antivirus software- This is the first step, but by no means the only step to secure a home office. Companies often have preferred software for a company-issued device, but if you use your personal laptop for work, it’s important to still adhere to company policies. Many internet providers offer free antivirus software, too. Keep your physical workspace secure- Physical security is essential for a secure home office, too. Whatever elements of traditional physical security you can add, the better. There are a number of DIY home security systems (iSmartAlarm, the SimpliSafe Home Security System, and the SkylinkNet Alarm System) which are affordable for homeowners on a budget. Don’t allow family members to use your work devices- A work computer should not be a “family computer”. Employers recommend that you treat work-issued mobile devices, computers, and sensitive data as if you were sitting in your physical office. Follow company policies rigidly- Company policies should always be diligently followed, especially when you’re working outside the office. Conduct regular scans, report any suspicious behavior to your IT team, and update antivirus and malware software whenever you can. Tips for employers So, how exactly do employers manage remote employees? Develop and implement a comprehensive remote access policy and require employees to attest to its adherence annually in writing; Utilize VPN or other secured services for remote employee access; Require that employees use a non-stored password to connect during each session, especially for Virtual Private Network (“VPN”) access; Implement Multi-Factor Authentication (“MFA”) for remote access; If possible, restrict the employee’s ability to save or upload files by limiting their ability to utilize external devices (CD’s, USB sticks, etc.) and; Limit employee access to programs and files. Only allow an employee access to the files that he/she absolutely needs and reserve the right to terminate an individual’s access to a program or file. For sensitive programs or applications, it’s best to enforce reasonable session time-outs. Provide services for remote file storage and other tasks. Questions on best practices when working remotely? Contact any member of our Information Security Services Team.