The world changed in 2020. The coronavirus pandemic touched everyone’s day-to-day lives. It also changed the work landscape, maybe permanently.\nDuring shelter-in-place orders, thousands of companies transitioned to remote work. Morning meetings in the conference room now take place via video conferencing solutions. Water cooler conversations went digital.\nIt’s impossible to predict the future of office work. When restrictions are lifted and the workforce is invited back to the office, a lot of people might stay home.\nTwitter made headlines when they announced that all employees could work from home forever. They later extended that offer to Square employees, too. Big companies like Facebook, Amazon, and Capital One have also extended remote work arrangements and are likely to offer flexible work options in the future.\nWhether you’re committing to remote work or just using it to get through the pandemic, you face the same challenge: data security. The built-in protections you have at the office won’t work if your team is using public wifi and lax security practices.\nIf any of your employees are working remotely, you should have a standard work from home policy to follow. Include details like what positions can work from home, under what conditions remote work is available, and the security measures remote workers must take.\n\nCreating your work from home policy is easy.\nUse our free template to create your own remote work policy.\n\n\n\n\nHere’s what you should include in the section about security practices:\n5 Security Tips for Working from Home\nWhen your team first goes remote, security feels like a big challenge. In reality, all you need is basic awareness and a common-sense approach.\nStart with these five straightforward security tips:\n\nEquip your team with the right tools\nUse secure corporate software\nProvide VPN access\nCoach your team about cyber security\nCreate training and policy documents\n\n1: Equip your team with the right tools\nIf you supply your team with equipment in the office, you or your IT department have already taken security into account. Your employees probably didn’t think about security when they bought their home computers, though.\nSend your employees home with company hardware if possible. That’s not always practical, of course, so your team might have to use their own equipment.\nBefore you ask your team to access sensitive data from their living rooms, ask them if their equipment meets all of these requirements.\nThey have the right tools for the job\nDifferent positions have different requirements. Your designer might need a computer with a powerful processor, while your social media manager needs fast and reliable internet access.\nMost of your team probably doesn’t need a top dollar PC, but a ten-year-old laptop that’s been sitting in a closet for the last few years may not cut it.\nMake sure that everyone is fully equipped with the other supplies they need, too. Tools like monitors and specialized hardware can be expensive. If your team doesn’t have the right tools to do the job, they may try to find workarounds that undermine your security protocols.\nAll software is up to date\nEvery work computer should have the most up-to-date software available.\nSoftware updates often contain security patches. Those security patches are not always disclosed in detail because the developer doesn’t want to tip off hackers that their software has a specific weakness.\nAll the software installed on a computer — from the operating system to the apps and games — needs to be updated regularly.\nYou should even update programs that you don’t use often. If you don’t think you’ll use it again, it’s better to delete it than to ignore it.\nWifi is encrypted\nInsist that your staff secure their home network.\nIf your wifi router is encrypted, it requires a password to access. Always password protect home wifi.\n\nUsing the password that comes with the router isn’t enough. The default network name is also problematic, as it can tell hackers what kind of router you’re using. They can easily find the related passwords online.\nInstruct your team to go into their router settings and change their network name and password before logging in for work.\nIdeally, your workers should employ a high level of encryption such as WPA2 or WPA3. This is especially important if a remote team member needs to access private customer information or other sensitive data. Upgrade their encryption level by providing a new wifi router.\nSet basic security rules\nRemote security covers more than equipment. Security is more about behavior than hardware and software.\nPeople feel safe at home. That makes it easy to forget protocols like locking your computer when you walk away.\nEven when the only people around are trusted family members, it’s still wise to stay in the habit of locking the computer whenever you walk away. It should be an automatic action so you don’t forget.\nAt home, a locked computer can prevent embarrassing situations if a pet pushes buttons or a kid wants to play.\nSpeaking of embarrassing situations, have you ever shared your screen, only to have a Slack notification pop up with a snippet of personal conversation?\nNow, your team connects via video chats and screen shares. Remind them to turn off their Slack, email, text, and other notifications before calls, especially if they deal with sensitive information in the course of their duties. Imagine a manager presenting to her team and receiving a message from HR about an employee being disciplined. That would not be nice.\nRemind your employees to be mindful of physical security, too. While working in a public place, don’t go to the bathroom and leave a laptop on the table. Keep track of printed documents and shred anything sensitive instead of throwing them away.\nBasically, ask your team to use common sense. It goes a long way.\n2: Use secure corporate software\nRight now, you might be hesitant to spend money on business tools, especially if you expect remote work to be a temporary solution. Some companies might be tempted to cut corners to save money.\nFor example, some companies opt for free alternatives to enterprise cloud phone systems. The cost for free software might be higher than you think.\nWhen droves of corporate users flocked to free video conferencing software, so did hackers and trolls. Zoombombing made headlines and exposed some security risks that many users had never considered.\nChoose the right software for your team, even if you only expect to use it for a few months. Hackers and scammers are just as active as ever. Security is even more important when your company is in a vulnerable position.\nUse secure software\nUse the right tool for the job. Corporate software is designed for commercial environments where sensitive and private data is shared. It’s built with security in mind.\nTake advantage of free trials before you purchase to make sure it’s the right fit.\nDuring your free trial, make sure your team really dives in and checks out the features. This is your chance to see if this software can handle everything you throw at it.\nIf you find your team cutting corners or working around cumbersome features, then it’s not the right software choice. Any built-in security features are irrelevant if your employees don’t use the program as intended.\nWhatever software you choose, make sure your team knows how to use it correctly. Ask for training from your sales rep.\nUpdate your team’s antivirus software\nWhile you’re evaluating software needs, check on your employees’ antivirus software.\nIf you can, share the solutions you use at the office for your workers to use at home. Check your license agreement with providers to ensure you’re able to do this.\nIf your antivirus doesn’t allow you to protect employee personal devices, it’s time to upgrade. Try contacting your provider to see if they’ll give you an upgrade or a new plan. They might give you a deal while you’re working remotely.\nMost of the people on your team probably already have antivirus installed, even if it’s a free version. You might consider paying for an upgrade to their existing antivirus if you’re asking them to work on their personal computer.\nChoose the right cloud storage solution\nCloud storage is better than having confidential documents on home computers. Your team should only use secure, verified apps to store and manage important documents.\nWhen working from home, your team needs to be able to find documents on their own without asking you to forward an email or send a link. You should be able to check for updates without scheduling a meeting.\nPractical, secure file management gives your remote team more independence.\nCloud storage is only secure when it’s used correctly. Make sure you use the settings correctly so that only the right people have access. Some files should be password protected, such as budget sheets with team salary information.\nFree cloud storage solutions like Google Drive can work well when combined with good security habits. Larger teams or companies dealing with more sensitive data might want to choose a paid solution like Dropbox or Box.\n3: Provide VPN access\nWorking remotely doesn’t always mean working from home. Employees might take their laptops to coffee shops, coworking spaces, or other public settings.\nThat flexibility is one of the advantages of remote work. A change of scenery can boost focus and productivity. Plus, if you can take your work with you, you can get things done in waiting rooms and restaurants.\n\nNo matter where your employees work, they need to access and share data. Using a VPN makes that much more secure, especially on public wifi.\nA VPN is a means of providing more secure connections over distance. Using a VPN is like putting a tunnel over the road along which your data travels. No one from outside can view or access the information while in transit.\nYou might already use a VPN for some things. If so, consider giving VPN access to your entire team. Your IT department or your current VPN software provider can help you get set up.\nIf you haven’t used a VPN before, it’s not difficult to start. There are lots of providers out there. Do a bit of research and you’ll quickly find the right solution for your company.\n4: Coach your team about cyber security\nTraining is not optional.\nScammers and hackers are more likely to exploit bad practices than software weaknesses. When your team works in the office, you expect them to stay vigilant about things like phishing emails, printing things with private data, and allowing access to third-party vendors.\nYou should expect the same care when you’re managing a remote team. Coach your staff on the basics of cybersecurity so they know how to stay safer.\nCybersecurity training is particularly important during the current crisis.\nYour employees might have never worked remotely before. They’re under extra stress as they manage change in all areas of their lives. They need your support to learn how to work securely and keep it top-of-mind when there are so many other things to think about.\nExplain the security standards in your work from home policy. Emphasize why they matter. Some security practices feel inconvenient, so make sure your team understands the risks and prioritizes security.\nYou should also cover general best practices for data security. Talk about phishing scams, DDoS attacks, and other commonplace threats.\n5: Create training and policy documents\nPut all of the stuff we’ve just discussed together and you have a framework for your remote security policy. Your next step should be to write it down and make it official.\nDepending on your company size, you may need to involve HR at this stage. They’ll be able to draw up the new policies and procedures. HR will then be responsible for sharing the new information and providing any necessary training. Smaller companies should distribute the new policy documents through management.\nOrganize documents wisely\nKeep documentation where it’s easy for employees to find. All of your important processes and procedures should be well documented and stored where they can be easily accessed. You can’t expect people to check the guidelines if it takes 30 minutes to find what they need.\nThe easier it is to find specific information, the more likely your employees will actually use your policy documents.\nOrganize documents so that they can be used as a quick reference. Break them into sections with procedures for common scenarios like installing new software or adding an outside vendor to a Slack channel.\nCreating your document library will continue to pay off for years. The principles of secure remote work won’t change once the virus has receded.\nGetting policies and procedures in place now gives you options. It means you could extend remote work even after your office opens again, and it makes onboarding new employees easier whether you’re hiring remotely or in an office.\nFinal thoughts\nData breaches and cyber attacks can cripple a company, especially when it’s already vulnerable. Take extra care with your security while your team adjusts to remote work.\nYour remote team can and should work productively through the pandemic and beyond. You may even find that your team is happier and gets more done now than ever before. Manage security risks appropriately and you can get the most out of remote work.\nAbout the author\nJohn Allen is the director of global SEO at RingCentral, a global UCaaS, VoIP and video conferencing solutions provider. He has over 14 years of experience and an extensive background in building and optimizing digital marketing programs. He has written for websites such as Hubspot.