Blog | June 18, 2020 | 2 MINS

Managing Your Organization's WFH Information Security Policy


Evaluating the Work from Home (WFH) Cyber Risk Landscape and Establishing A Sustainable WFH Information Security Policy  


Digital risk has never been more critical as companies have adapted to the global pandemic with a dramatic shift to a remote workforce where possible to protect employees’ safety and wellbeing.  


Given the nature of digital operations, the organization’s WFH information security policy is an increasingly important aspect of operational resilience. A well-vetted business continuity plan includes preparation to secure assets, processes, IT, and operational technology (OT). However, recent events, specifically the shift in physical infrastructure from traditional office settings to working from home, have elevated the criticality of technology, and the reliance on SaaS-based applications, in facilitating employee productivity and securing proprietary data. Businesses have had to rely on solutions such as video conferencing applications as core, essential infrastructure.


With the number of cloud-based enterprise systems available, many organizations were able to transition with few changes to their actual operations, other than emphasizing conduct for video conferencing at home. SaaS vendors faced a surge in demand and bandwidth, notable downtime, and heightened scrutiny in the initial weeks of the global shutdown. Beyond performance-hindering downtime, there have also been high-profile security and privacy breaches impacting consumer and corporate information.


Emphasis on Cyber Security  

It’s more important than ever that proper cybersecurity practices are followed and reviewed, as the amount of data and processes executed online has increased exponentially. Hackers have exposed vulnerabilities ranging from unsecured file naming conventions to brute force attacks.


In March of 2020, BitSight evaluated 41,000 US-based organizations to identify and better understand the difference in exposure to cyber-risk between corporate networks and Work from Home-Remote Office (WFH-RO) networks. Their study found that personal or remote networks are 7.5 times more likely to have at least five distinct malware families than a corporate network (Dahlberg, 2020). Educating employees on the organization’s WFH information security policy is critical to addressing potential system vulnerabilities.


Balanced Information Security Policy Management Initiatives 

As businesses evaluate return-to-work policies or support flexible work-from-home options moving forward, it’s essential to find the balance between enforcing cybersecurity and promoting employee health and safety. This balance should reflect your operations and your goals for enforcing proactive cybersecurity protections, and it should be clearly outlined in your WFH information security policy.


In line with your GRC program strategy, it’s vital to prioritize protections for your most sensitive and essential operations. Accounting for the shift in the work environment and increase in network security vulnerabilities is a significant factor in current and future WFH initiatives.  


The goal of any GRC business continuity plan across operations is to prepare and plan for disasters. Readily prepared organizations can institute a response plan for worst-case scenarios and adopt best-in-class conduct codes and policies to minimize damage and exposure. The Occupational Safety and Health Administration (OSHA) has released a new update to help organizations adjust their pandemic policies to account for the current circumstances (U.S. Department of Labor, 2020). The guidance includes classifications of workplace environments based on the risk of exposure, explanations and descriptions of mandatory safety and health standards, and general advice on providing a safe and healthful workplace.


Balancing your organization’s internal governance, fostering employee engagement, and protecting the integrity of operations are all essential elements of a successful GRC strategy. To learn more about how OneTrust GRC can help support your information security policy and practices, contact our team or request a demo.  


Dahlberg, D. (2020, April 14). Identifying Unique Risks of Work from Home Remote Office Networks. Retrieved June 18, 2020, from 

U.S. Department of Labor. (2020, March). Guidance on Preparing Workplaces for COVID-19 (Rep. No. OSHA 3990-03 2020). Occupational Safety and Health Administration.