Home working policy
Home working security policy
Introduction
Agile Collective recognises the importance of flexibility and work-life balance for members and employees. This Home working security policy outlines the guidelines and requirements for employees who work from home, ensuring that our organisation's data and systems remain secure.
This policy applies to all employees, contractors, and third-party service providers of Agile Collective who access the company's systems or data while working from home.
Policy
Network security
- Home Network Security: Employees are required to secure their home Wi-Fi networks with strong passwords and WPA2 (or higher) encryption. The default router password should be changed, and firmware should be kept up-to-date.
- Firewall Configuration: Employees must ensure that their home firewall is enabled and configured to block incoming connections by default.
- Public Wi-Fi: Use of public Wi-Fi networks for work purposes is prohibited unless connected through the company's VPN.
- Servers: Shell access to company servers must go through the company Gateway server. Access is granted only via public key authentication.
Remote working environment
- Work Space: Employees should work in a space where screens cannot be viewed by unauthorised individuals.
- Physical Security: When not in use, devices should be locked away or otherwise secured to prevent unauthorised access.
Incident reporting
- Incident Response: Members and employees must immediately report any security incidents, such as phishing attempts, data breaches, or malware infections, to the Tech circle via email or Rocket chat.
Member and employee responsibilities
- Compliance: Members and employees are responsible for adhering to this policy at all times while working from home. Non-compliance may result in disciplinary action.
Exceptions
- Any exceptions to this policy must be approved in writing by the Tech circle and will be granted only under exceptional circumstances.
Monitoring and review
- Policy Review: This policy will be reviewed annually or as required to ensure its effectiveness and alignment with the latest cybersecurity standards.
- Audit and Monitoring: The Tech circle will audit and monitor compliance with this policy, including periodic checks of remote working setups.
Last updated: