This page will help you prepare your organisation for home working.
Preparing your staff for working from home
Working remotely can feel overwhelming for those new to it, particularly if it's a sudden change. Additionally, there are practical aspects to consider; employees accustomed to working in a shared office will now be working from different locations. Assess whether new services are necessary or if current ones can be expanded to facilitate ongoing collaboration among teams. For instance, you might explore options like chat rooms, video teleconferencing (VTC), and document sharing services.
If you need to implement new services the National Cyber Security Centre’s (NCSC) guidance on Software as a Service (SaaS) applications can help you.
How you can support secure home working
- Home working may require staff to use different software that they are not used to. To help reduce any negative impacts you should produce written guides to help your staff learn how to use the new software and also test that the software works as intended.
- You may want to create short ‘How to’ guides for staff on software they are required to use at home. This could help reduce requests for help. E.g. a guide on how to use your selected online collaboration tool such as Microsoft Teams.
- Check in on your staff. Make sure that they are adapting to working in different ways and are not struggling.
- Remote working comes with its own issues such as a higher chance of devices being lost or stolen. You should ensure that all your organisations devices are secure and have the ability to encrypt data. Most devices have encryption built in but some will still require encryption to be switched on an configured.
- Ensure that you have the ability to remotely lock, erase data or retrieve backups of data from devices that have been lost or stolen. NCSC’s advice on mobile device management software can help you set up devices with a standard configuration.
- Make sure all staff know how to report any problems they are experiencing.
- Ensure that you have cyber security training for your staff so they are aware of what threats they may experience. NCSC have a free Top Tips for Staff e-learning package you can use to help train your staff.
Controlling access to your systems
You may want to further restrict access to your systems and this is where you may want to consider using a Virtual Private Network (VPNs) which allow remote users to securely access your IT resources. VPNs establish a secure network connection that verifies the user and/or device, and secures data while it travels between the user and your services.
For those already utlising a VPN, ensure it is completely up to date. Your organisation might need extra licenses, capacity, or bandwidth if there is a restricted number of remote users.
If you have never used a VPN before, refer to NCSC’s VPN Guidance. This guidance covers everything from choosing a VPN to the advice you provide your staff.
Keeping your organisations devices safe
Devices used outside the office are more vulnerable to theft and damage. Whether using personal or company devices, it's important to remind staff to lock their screens when unattended, especially in the presence of children or housemates. When not in use, devices should be stored securely.
Ensure that employees are aware of the procedure to follow in case of a lost or stolen device and who to inform. Encourage quick reporting of any losses. Timely reporting can help reduce data risks, as employees who fear consequences may delay reporting.
Emphasise to staff the importance of keeping software and devices updated, and provide guidance on how to do so.
Removable media devices
Removable devices such as USB drives can contain a lot of sensitive information, due to their size are easily misplaced and if infected when inserted into your device can introduce malware. When USB drives are shared, it becomes much harder to track what they contain, where they have been and who has had access to them. To reduce the likelihood of infection via a removable device you can:
Disable removeable media devices using your mobile device management settings
- Enable antivirus on all your devices
- Restrict access to only devices supplied by your organisation
- Protecting your data by encrypting it on removable media devices
Personal devices VS Organisations devices
If your organisation allows staff to use their own devices when working remotely you should refer to NCSC’s Bring Your Own Device (BYOD) guidance to ensure you keep your organisations data safe.