Remote work is here to stay
As much as we have addressed operations in remote work locations through technology, the simple process of setting someone up remotely means aggregating and amalgamating pieces from a number of different areas of operation - mostly IT security - into something comprehensive. We have amalgamated policies and procedures from across a mortgage operation into a unifying element, and have provided a checklist for setting up that remote worker as a tool.
Key Point - Documentation Transfer
Paper documentation and images, the mortgage industry's lifeblood, represents the single largest risk to customers and the company. Remote workplaces, being dispersed and interconnected with private residences, can be extremely insecure places to store documents. Knowing this, we structure the remote workplace as 100% paperless. Logically, arranging for the delivery of loan file exhibits in a secure manner without paper means a secure, 2-factor authentication upload. Remember - personal email is not secure.
Key Point - Internet of Things
In an office environment, wired network connections prevail and a smaller number of items get connected to a wireless network. In small-office, home, or remote environments, wireless devices abound. Inventory of these items and their connection to a shared internet connection where you or your employees securely connect can prevent a hacker's back door access by allowing IT departments to identify items that have been exploited. (Watch Mr. Robot to see how they get in.)
Key Point - Expectations for Work Schedule, Supervision and Duties
In a remote environment, employees can often experience "mission creep" where, because of a non-office setting, priorities, and distractions detract from the customer experience. For this reason, clear rules on work hours - logging in and out, accountability for email and phone responses, as well as consequences for time spent on personal items during work hours - get set forth at the outset.
For our customers, we have provided a sample "2-94 Remote Work Policy and Procedure" which you can use as a stand-alone to prove compliance with regulatory requirements, and insert into your 2-90 IT Security Module. This supports pandemic-related remote work, as part of a disaster recovery (see 2-97 Disaster Recovery/Business Continuity) and continuity program, and general network security plan (2-92 IT Security Plan).