Do Employees Work From Home? Review Company's Information Security Policy

Due to the introduction of quarantine in Lithuania because of the threat of the COVID-19 spread, the government recommended companies to move employees to remote mode. Work from home has many advantages, but at the same time raises many questions, especially in the field of information security.  Data leakage can lead to serious financial and reputational losses. Is the business ready for remote work?

Andrius Kiaune, specialist in information security risk assessment at Penkių kontinentų komunikacijų centras, a provider of ProfIT outsourcing IT services, says that everything depends on the information security policy of each organization.

“Company executives, before moving employees to the remote mode, must explain to them that information security in the telecommuting conditions consists of three components: knowledge of the rules, technical capabilities, and security awareness. These are interconnected links of one chain. Its reliability is very much determined by the weakest link in the chain,” says Andrius Kiaune.

For companies, using cloud services, it is easier to organize remote work. Information and data are stored on virtual servers (cloud) and, if the Internet is available, can be accessed in any place and at any time.

If a company stores information on a corporate server and has accurate access control, it is not easy to move employees to a remote mode of operation. It is necessary to provide employees with technical equipment.

The development of a strategy for transferring a company to a remote work should begin with an analysis of the information security policy and risk assessment.

Information security risk assessment is the process of identifying, resolving and preventing security problems in еhe following areas:

• equipment used for work (computer, tablet, etc.);
• information system for storing and processing data;
• technologies for ensuring communication and security (VPN, firewall, two-factor authentication);
• documentation describing the information security policy, which implies a set of measures, rules, and principles that guide employees in their daily practice to protect information resources.

The three key principles have become a foundation for information security:

1)      integrity (resistance to accidental or intentional destruction, unauthorized change);

2)      confidentiality (prevention against improper information modification or destruction by unauthorized users);

3)      availability (ensures that employees can access information whenever they need it).

Risk assessment allows you to make the functioning of information systems cost-effective, relevant and able to respond to threats. It may seem that in an emergency, it is too late to assess the risks of information security; however, the audit can be carried out even in quarantine mode, since there is no need for direct contact with customers for its implementation. The results can be discussed via videoconference.

ProfIT specialists provide comprehensive services for assessing information security risks: operational and technological audit, preparation of information security policies, staff training, etc.