You’ve probably grown tired of hearing the words “adjusting to the new normal.” Unfortunately, though, there’s really no other way to say it. This pandemic has permanently changed our work environment, whether you’re already back in the office or remain in quarantine for several more weeks. We must create a new normal for how we work, manage network security, and maintain productivity across a more widespread team.
For example, a client earlier this week asked with their employees working from home, how are they supposed to ensure HIPAA compliance? What if someone innocently leaves the computer screen open, or takes a note with a patient’s name and walks away from the notebook? Here’s how we recommend redefining work parameters to create the greatest opportunity for compliance and security in all work situations.
1. No personal systems. If you allow your staff to utilize their personal systems to work, store company data, and interact with customers, you’re just asking for a data breach. First, you have no control over that system. You can’t log in to perform updates, ensure it has the latest virus definitions, or wipe it if they left the company or were terminated. Second, they are probably not running the strongest virus protection, intrusion prevention, and monitoring. Supply systems that meet minimum standards. Some companies have sent employees home with their work equipment. As long as it’s properly documented, this is a safer bet than letting someone go rogue (intentionally or unintentionally) on an un-managed personal machine.
2. Clear Expectations. There is a difference between working from home and lounging on the couch in your pajamas getting work done. If you’re expecting people to be effective remote workers, set clear expectations for their work setup and communicate clearly. For example:
- Do they need an office with a door that closes?
- Can they utilize their cell phone for business calls or do they need a VoIP/softphone tied into your network?
- How often do you expect them to check in on a daily basis?
- If you can’t get a hold of them immediately, how long do they have to respond?
- Can they attend meetings via phone, or is video required?
- How do they connect to your secure information? VPN? Firewall?