Why SMEs Need a Secure Remote Working Policy

Why SMEs Need a Secure Remote Working Policy

Flexibility over where employees work can result in higher risk of a data breach. ShredallSDS Group's Nik Williams talks us through the importance of secure remote working policies.

By Nik Williams

In a time of excellent mobile technology and widespread Wi-Fi, remote working is becoming a popular choice for many employees. Employers are often happy to see the benefits of a flexible workforce, including lower rates of absenteeism, higher levels of morale and the ability to retain valuable employees. However, employers must remain conscious of the potential security breaches associated with working outside of the office.

Having greater flexibility over when and how employees work often poses greater data security risks than a more traditional office model. The security of a business’s documents and data is not something to be taken lightly. A recent report published by Beaming found that UK businesses are attacked online every 2.5 minutes. Given that the average cost of UK data breaches rose this year to £2.7 million, businesses of all shapes and sizes should be extremely wary of how their data is stored and handled.

SMEs are particularly vulnerable to these attacks, as their lower amounts of funds and expertise leave many unable to establish effective cybersecurity measures. Nevertheless, if the appropriate steps are taken to ensure that a small business’s remote working policy is secure, the chances of suffering from a damaging data breach are significantly reduced.

Understand the benefits and risks

It’s no secret that flexible working has become a buzzword in the HR industry. With three quarters of British workers now saying that the option of flexible working is a crucial factor when deciding whether to take a job offer, small businesses stand to lose out if they do not offer some form of flexible working, whether it be having flexible start and finish times, or working from home.


There are many advantages to offering remote working:

These benefits could apply in different ways to both larger and smaller companies, though it must be said that many start-ups and small businesses stand to benefit significantly from the greater flexibility that remote working introduces.

The risks, on the other hand, tend to be very company-specific. They depend on the kind of data and information you work with and the levels of access that different employees have to that information. Risks also come from the kinds of environments that your employees choose to work in and how well your workplace culture is able to handle employees who may start to feel disengaged from the office and their colleagues.

For example, an employee working with a company laptop in a coffee shop might be using an unsecured Wi-Fi network. Competent hackers can use this network to distribute malware, gaining access to sensitive company files which they can use to blackmail the organisation or tarnish the business’ reputation if the breach is made public.

In addition, remote workers will often use paper files that can easily become lost if used in a busy coffee shop or on the train. With these risks in mind, SMEs need to implement clear rules to make remote working secure:

1. Clearly outline employees’ responsibilities

A fundamental step in implementing a remote working policy is making your expectations of employees’ responsibilities clear. Employees might be tempted to take more breaks and be more liberal with what they share on social media if working outside the office, potentially risking confidential company projects from becoming public knowledge. Stressing the need for professionalism during working hours will help to alleviate the issues.

Your employees should also be clear on expectations regarding confidentiality and data protection, as this is one of the biggest areas of risk that working from home, even on a temporary basis, tends to bring to the fore. This is the case for employees either working in public places or from home, and different considerations will need to made depending on whether or not the devices used (laptops or phones) are owned by the employer or by the employee.

2. Establish device security policies

If the devices are company-owned, the employer will have quite a lot of control over how they are used. Companies can specify that they should only be used for work activities and that all downloads should be work-related. Rules can also be made regarding enforced monitoring and password protection, as well as for the devices to only be used in specific locations with secure Wi-Fi networks.

If the devices belong to the employee, employers will need to recognize that it becomes harder to regulate device security. Two areas that can still be controlled, however, are system passwords and messaging platforms. SMEs can still require all company software and documentation to be password protected, ensuring that there is always a safety net in case devices are stolen or lost. Likewise, employees can be asked to solely use company-approved messaging platforms, such as Skype for Business, to keep a log of conversations and sharing of data.

3. Consider the security of paper documents

Paper documents are inherently harder to keep track of and keep secure than electronic copies. Paper documents are easily lost and can be copied or destroyed at a moment’s notice, making it very difficult to protect any sensitive information stored on them. Given the risky nature of paper documents, SMEs should consider becoming paperless. Not only will this improve their green credibility and reduce costs, but it will also allow them to restrict access to documents more easily.

However, it can be very difficult to remove paper documents entirely and many businesses will need to find alternative solutions. For example, a policy can be made for all paper documents to be stored in lockable containers and kept out of sight of anyone except authorized employees. Likewise, the organisation can enforce a clean desk policy whereby all employees must remove any paper from their workspace at the end of the day, at which point it will either be shredded or securely stored. For employees who work remotely, this may involve bringing in unneeded documents once a week to be disposed of or stored securely.

Through establishing clear rules for employees to follow, SMEs can reap the rewards of remote working. However, as technology develops and new threats become apparent, businesses will need to adopt these policies to ensure they remain as effective as possible.

About the Author

Nik Williams is the Managing Director of ShredallSDS Group, a company that provides total information management services to businesses across the UK. Specialising in shredding and secure document storage and scanning, Shredall SDS Group has over 20 years of experience in keeping clients with flexible working policies safe from data breaches.