The coronavirus pandemic has abruptly thrust many organizations into a work-at-home scenario, and many companies are struggling with issues regarding remote security and compliance. Enhancing or adopting compliance measures for virtual employees is an immediate necessity, and for many organizations, working from home will be a longer-term model even after the crisis ends.
Your company can ensure a compliant virtual environment with a strategic two-pronged approach: implementing both a technical solution and a people process solution.
- Create a secure environment with a strong technical solution
Security controls are critical to compliance and to mitigating the risk of fraud or breaches, and a technical solution requires a secure endpoint. The technology provided by a virtual desktop infrastructure (VDI) partner must create a data-secure environment and be adaptable and scalable. Recommendations include:
- Enabling data encryption and two-factor authentication (2FA)
- Hardening browser settings
- Storing all data in the cloud rather than locally
- Restricting access to set hours of operation
- Disabling Wi-Fi and requiring hardwired internet access instead
- Ensure compliance by enacting a solid people process solution
To set the stage for a work-at-home employee’s success, follow a formalized process from the beginning and reinforce best practices throughout all stages of the employee life cycle.
Recruiting and hiring stages
A good job candidate will supply a potential employer with a photo or video of the proposed work area, either before or during the online interview process. This assessment will give your company a first view of “clean desk policy” compliance as well as an opportunity to verify the space after hire. With a 360-degree view, you’ll be able to spot unsuitable factors such as screen reflections in mirrors or windows, extra devices such as personal phones or tablets, and people or pets in the background. Upon hire, the employee will sign a compliance audit form agreeing that the requirements are understood and that any required adjustments will be made upon request.
Training and governance stages
Governance in operations is key. During training, your security or compliance team should perform a 360-degree audit to certify whether the trainee meets all requirements and can proceed to full operations. Once the employee is officially performing the job, you must train and engage your operational teams to conduct audits at prescribed intervals, ensure that the same forms are used, and track results for follow-up and compliance with governance requirements.
Security and compliance are top of mind for any organization maintaining a work-from-home program. Because “just checking in from time to time” isn’t enough, a formalized approach is required. With established frequency and discipline, your organization will create a virtual environment as secure as that of any brick-and-mortar facility.