Teleworking: How to Secure your Employees Wherever They Are

The interest of teleworking relies on the capacity of employees to accomplish their tasks while not being at their desks. It might be reassuring for the management to set a detailed security policy with high-security requirements. However, it is more efficient to focus on basic and well-understood rules by the employees; they have to also understand the reasons of a security measure and the consequences of cyberattacks. To achieve this, the employees have to be trained often in-house or externally by information security professionals.

Additionally, some rules must be set and respected by everyone. Here are some examples:

• Adapt the security level to each employee’s requirement. Discussions about confidential data should be limited to conversation partners that also have access to that same data, and no one else.
• Warn employees to be very cautious about who could see their device’s screen, not to display confidential data in public (like database information, contracts or sensitive emails).
• If the laptop is unused, the session must be locked.
• Do not connect to any public, unknown, or unchecked networks. Creating a fake Wi-Fi and thus deceiving someone is relatively easy.
• Use the roaming from your phone to have a more secure network and use a VPN.
• Define responsibilities and rules, so in case a material is stolen or forgotten, it can be assured that the employees notify their security contact quickly.
• Everyone has to know that devices must never be left unattended. Anti-theft cables can also be used to decrease that risk.
• Remote access software (like Teamviewer) should be used very carefully and only by authorised employees. It has to be always updated, and only used in case of absolute necessity. -> Precisely: by letting it run constantly to access the computer anytime brings similar risks than opening a backdoor.

As the teleworking practice grows, it is important to give necessary guidelines for employees. Most of the security problems come from employees who have not been trained enough or do not understand the consequences of their behaviour. It is also possible to minimise the threat of non-compliance by involving employees during the process of creating information security rules and guidelines.

CASES Expert Voice

‘Teleworking begins to gain popularity with connections becoming increasingly better. Most companies are mature enough to have a VPN to protect their data and communication. However, most of them only concentrate on technical matters and forget that the human factor is the weakest link in the security chain. The rules and guidelines should be clearly defined, understood, and signed. Besides, explanation of consequences should be given and employees should be properly prepared for the usage of technology.’

Interesting Links:

• WORT.lu - Enquête: pourquoi si peu de télétravail au Luxembourg?
• STATEC - Regards 08 sur la flexibilité des heures de travail et le travail à domicile
• Be Safe: a practical guide for business trips