During the last years, telework struggled to establish itself in SMEs, but today, due to COVID-19, it has become the solution adopted by most companies. However, a lack of knowledge and preparation can put a whole activity in danger.
The purpose of this article is to give some theoretical and practical advice, both for the employer and for the employee.
From an IT point of view, the home of the employee is an unsafe or uncontrolled environment, as the Information System (IS) of the company could be. It is, therefore, essential to start by training the workers on the risks associated with telework. Let's start with the employees:
Personal network safety
When you sign your Internet service contract, many devices arrive with pre-configured wifi. The use of this default configuration is strongly discouraged. To protect the network, it is advisable to choose a safe name and password (that do not contain easily identifiable data, (such as the name of your pet, for example)) for your wifi network. This action is perfectly viable for everyone, since the Internet Service Providers (ISPs) often offer to execute this procedure.
If the use of a personal wifi network is not possible, and if a public network is used, a personal VPN or, if available, a VPN of the company, will have to be used. Professional data can't be consulted using an unprotected public network.
If the implementation of telework forces employees to use their personal equipment, the creation of an account dedicated to the professional activity in said computer is strongly recommended. This account will create a separation between professional and personal activities. It is all the more recommended if said device is used by other members of the household. Ideally, however, the company should provide the equipment.
In both cases, it's essential to check a few points:
- An antivirus is installed and updated
- The company has a regularly tested data backup system.
- The user is also able to regularly (ideally every day) make one of these backups in external devices (if the company policy allows it).
Respect for the data privacy
Working from home can provide a feeling of safety; however, a few simple rules need to be in force to ensure the data privacy. Indeed, some people were able to work from their terrace or garden this summer. However, it is not recommended to inform the entire neighbourhood of the commercial techniques used during this period, or of the new client who just signed the contract.
Let's continue this article with a few tips for the leaders:
It's never too late to teach your employees about cybersecurity. An effective training plan will help you reduce the risks associated with cyber attacks, phishing attempts or other techniques used to steal your data or put your business at risk.
The creation of safe and encrypted identification and authentication systems for each user profile is strongly recommended.
Lastly, it might be necessary to adjust your insurance policies to ensure that these new terms and conditions are taken into account.
Determining for which positions telework is possible
Sensible data, regulatory restrictions, commercial or material restrictions can be an obstacle to telework. It's essential for you to identify the cases where telework isn't possible and communicate to the workers the reasons that motivated your decision
DR - Disaster Recovery
Whatever the dimension of your company, it's necessary to put a DR, or disasters recovery plan, into action. This allows a company to plan ahead the mechanisms to reconstruct and reboot an information system in case of catastrophe or critical incident.
This plan should, ideally, be regularly tested to ensure its efficiency.
These are a few practices that can be quickly applied to your company, but you can also count on your Viseeon accountant and his/her network of selected partners to identify the solutions that can be used in your company.
CTIO VISEEON INTERNACIONAL