This policy outlines the requirements and best practices for remote work to ensure the security of company systems, data, and operations. It is designed to minimize risks associated with remote access and protect both the organization and its employees.
This policy applies to all employees, contractors, and third-party vendors who access company systems, networks, or data while working remotely, regardless of location or device.
If personal devices are used, they must meet company security requirements, including antivirus software, encryption, and a supported operating system.
Device Updates:
Automatic updates should be enabled where possible.
Antivirus Software:
Devices must have up-to-date antivirus/antimalware software installed and configured to run regular scans.
Administrator Privileges:
The VPN must be active whenever connected to public or unsecured Wi-Fi networks.
Home Wi-Fi Security:
Employees are required to secure their home Wi-Fi networks by:
Public Wi-Fi Prohibition:
Employees must enable MFA for accessing company systems, accounts, and applications.
Strong Passwords:
Employees are prohibited from reusing passwords across personal and work accounts.
Account Access:
Storing sensitive files on personal devices or unapproved cloud services is strictly prohibited.
File Sharing:
Avoid sharing files via personal email or unauthorized platforms.
Data Backup:
Employees must use company-approved communication platforms for calls, video conferencing, and instant messaging (e.g., Zoom, Microsoft Teams, or Webex).
Confidentiality During Calls:
Employees must be cautious of suspicious emails, messages, or links. Look for:
Reporting Suspicious Activity:
Any suspected phishing attempts or unauthorized access must be reported immediately to the IT department.
Cybersecurity Training:
Employees must report the following to IT immediately:
1. Lost or stolen devices.
2. Suspicious emails, links, or system activity.
3. Unauthorized access to accounts or files.
Contact IT Security:
- Email: [[email protected]]
- Phone: [XXX-XXX-XXXX]
- Incident Reporting Tool: [Insert link, if applicable]
To maintain security, the following are strictly prohibited:
- Using personal email accounts for work-related communication.
- Accessing or sharing company files on unapproved platforms.
- Allowing unauthorized individuals to use work devices.
- Disabling antivirus software, firewalls, or VPN connections.
All company-issued devices are subject to monitoring to ensure compliance with security policies.
Policy Violations:
Failure to comply with this policy may result in disciplinary action, up to and including termination.
Policy Review:
By signing below, I acknowledge that I have read, understood, and agree to abide by the Secure Remote Work Policy.
Employee Name: _____
Signature: _____
Date: __________