Advice for employers on staff working from home

Many businesses were already preparing for more remote working in the days before the government said everyone should operate from home if possible.

Mark Kiteley, director at law firm Rawlins Davy and president of Bournemouth and District Law Society, said the firm had been anticipating the government advice on the issue.

“The vast majority of law firms will have software that allows them to be able to work from home and to access core systems from home,” he said.

In some cases, documents would have to be delivered to staff’s homes.

He said businesses needed to think about how colleagues would stay in touch with each other and with customers.

“A lot of clients in Bournemouth really value that face to face contact, but we can Skype. We’re probably pretty well set up for it,” he said.

Robert Rutherford, chief executive of Bournemouth business IT firm QuoStar, said: “Businesses must be careful when opening up their systems to remote working in a knee-jerk manner. If the security risks and controls haven’t been truly analysed and evaluated then it could be dangerous. However, it’s understood that in the current crisis a balance needs to be struck.”

He said if employees were using their own devices, they must be checked by IT staff, and that businesses might want to consider buying or leasing equipment.

Businesses should consider what systems people need to use and the bandwidth required. “Don’t assume everyone has suitable broadband, wireless or devices at home to access work systems, video conferencing plus more,” he said.

“Businesses may need to consider investing in mobile hotspots and associated data plans to get people online at a decent speed in some rural areas.”

Staff should understand what is expected of them while working remotely, with “quick start” guides offered.

“Two-factor authentication should ideally be in place to authenticate staff onto systems. This is where you have something you know (a password) and something you have (a key fob with a continually changing code or an app on your mobile),” he said.

“Simply using passwords to access IT systems externally is insecure, especially when using devices not owned and controlled by the business.”

Devices should be encrypted in case they were lost or stolen, he said. Productivity could be boosted by “ramping up” the use of software such as Microsoft Teams.

“Finally, it’s also important that businesses don’t overlook how they are going to deal with calls into the business. Firms on VoIP solutions can easily get soft-phones installed on mobiles and other devices,” he added.

Matt Horan, security director of Poole-based cyber security firm C3IA Solutions, said computer viruses could target workers whose home systems are not secure.

He said: “If a company’s IT has not been configured correctly and does not have security enabled across all remote users then a cyber-attack is a real risk. And this is the last thing the economy needs.

“Have no doubt that the people who launch computer viruses and related infections will see an opportunity during this crisis. Remote working requires companies to fully manage their employees’ remote devices – usually laptops and PCs.

“Ideally these devices have been provided by the company itself and have been configured with security features enabled.

“These features include disk encryption, strong authentication and locked down tunnels for remoting into company-hosted services.”

He added: “By working from home other risks are introduced, such as loss of data through equipment failure.

“It is therefore important that if workers are not using cloud-hosted services they back up data regularly and store them on encrypted USB devices.”