In our last blog, we talked about Policies and Procedures manuals and the reasons it is important to have a manual for your firm – no matter the size. This blog is going to focus on another important aspect of policies and procedures – your remote workers policy.
More and more firms (and, of course, other businesses) are giving employees the flexibility of working from home. In some cases, attorneys will work full time from their home offices. Along with all of the benefits of working from home, there can be security concerns. We need to make sure that we are guarding the confidentiality of our clients just as carefully in these home office situations.
Below is a list of items you may want to consider including in your remote worker policy:
- Employee should have a dedicated workspace.
- Computer provided by the firm, accessed by assigned user only, credentials are never shared, and it is used for work only.
- Computer should be locked when not in use and should be password protected.
- Malware/virus software should be maintained and updated by the firm’s IT personnel.
- Wi-Fi/Internet at home – high-speed connection with ample signal strength and must be secured with WPA or greater encryption.
- Laptops should not be accessed in off-site locations utilizing public/open Wi-Fi connections. If the employee must work at an off-site location, the employee should use his/her phone as a hot spot.
- Laptop should be password protected, encrypted, and kept safe and secure – preferably never left in the car. If laptop must be left in the car, it should be put in the trunk or somewhere completely out of sight.
- Any documents containing confidential, privileged or other protected information that are printed at home need to be shredded.
- No work documents should be accessed from any personal computer.
- When taking work-related phone calls at home (or at any other location), employee should make certain no one can hear the conversation.
- Clients should only be contacted using firm email accounts. Gmail and other web-based email accounts are not as secure.
- Employees should email personal contacts using only their personal email accounts. Personal email accounts should not be integrated with the firm email account.
The above list is certainly not an exhaustive list but instead offers some suggestions to get you started. We also advise our clients to institute cell phone and e-security policies. We recommend working with your IT professional to develop your own comprehensive remote worker and e-security policies.
Since statistics show that remote work is here to stay, it benefits us, our clients, and our employees to have clear, specific guidelines in place.