Published 13th of June 2018

In a time of excellent mobile technology and widespread Wi-Fi, working from home is becoming a popular choice for many employees. Employers are often happy to see the benefits of a flexible workforce, including the ability to retain valuable employees and the positive effect remote working has on work-life balance, but they need to be cognizant of the risks that also exist.

The security of a business’s documents and data is not something to be taken lightly, and despite the benefits of remote working, it’s hard to argue that it doesn’t pose more of a risk in this regard. However, a strong remote working policy can minimise the risks and maximise the benefits for all involved.

Understand the risks and benefits

In order to create a policy that works for your business you need to be clear on the specific risks and benefits you might expect to see. Without this crucial step, your policy may not actually be suited to your business’s circumstances.

Benefits of remote working policies can include greater flexibility for employees who live a distance away from the office or who have young children, a better work-life balance for employees and cheaper overheads in the office itself. These benefits could apply in different ways to both larger and smaller companies, though it must be said that many start-ups and small businesses stand to benefit significantly from the greater flexibility that remote working introduces.

The risks, on the other hand, tend to be very company-specific. They depend on the kind of data and information you work with and the levels of access that different employees have to that information. Risks also come from the kinds of environments that your employees choose to work in and how well your workplace culture is able to handle employees who may start to feel disengaged from the office and their colleagues.

Once you understand the risks that remote working poses, you can create a remote working policy to mitigate them. Using our expertise as a document security business, we’ve come up with some ideas of how you can go about doing so.

Clearly outline your employees’ responsibilities

Your policy should make your expectations of employees’ responsibilities clear, even if that simply means emphasising that their contractual obligations of working hours, social media use, break times etc. are all still applicable when they’re working from home.

However, it’s likely that employees’ responsibilities will go further when working from home. It would be normal to mention that they’re expected to work in distraction-free environments or that they should be available for voice and video calls when necessary to ensure that they remain fully integrated with the team. If your employees are working remotely on an ad hoc basis these requirements might not need to be so stringent, but it’s likely that they’ll still apply to some extent.

Your employees should also be clear on expectations regarding confidentiality and data protection, as this is one of the biggest areas of risk that working from home, even on a temporary basis, tends to bring to the fore. This is especially the case if employees are likely to be working in public places like coworking spaces or cafes, but is also important to specify even if they’re likely to be working from home. We’ll come back to this shortly.

Device security

Almost every employer in any industry will need to think about device security. Laptops and smartphones are so common in and around the workplace that they have to be accounted for. However, considerations will be different depending on whether or not the devices are owned by the employer or by the employee.

Company-owned devices

If you, the employer, have issued laptops and/or phones to be used for working purposes, you have quite a lot of control over how they’re used. You can specify that they should only be used for work activities, and that all downloads should be work-related. You can also enforce monitoring and password-protection, and you can require them to be kept in secure locations.

Employee-owned devices

On the other hand, it’s much harder to regulate how employees use their own devices, even if they’re necessary for work. Again, it’s possible to require password protection for all company software and documentation, and you can require the use of company-approved messaging and calling platforms, like Skype for Business, to keep that side of the devices’ use secure and trackable. Beyond those ideas, you simply have to specify the responsibilities that your employees have with work-related materials and be able to trust them to act in a conscientious way.

Consider the security of paper documents

The security of paper documents is even harder to regulate than the security of electronic devices. By nature, they are untrackable and impossible to protect digitally. If at all possible, remote workers should be encouraged to go paperless, using their devices to access all documents unless it’s strictly necessary to print them.

If the use of paper is unavoidable, then you should require it to be stored in a lockable container and kept out of sight of anyone except authorised employees. You could also specify that it be recorded and destroyed in line with any document retention policies that you might have in your workplace. This may involve employees bringing in unneeded documents when they come into the office so that you can oversee their shredding or storage in line with your policies; requiring employees to dispose of documents themselves is unlikely to satisfy the more stringent requirements of GDPR and UK data protection regulations.

Whatever policy you settle on, don’t feel like it has to be set in stone from the moment it’s created. Technology is constantly changing and the needs of your business are also likely to change, so don’t be afraid to update your policy to keep it as effective and relevant as it can be for as long as possible.