Skip to content
Archived content. You are viewing v1 of SME Digital Advisor — the original multi-section site (risks, scenarios, policies, OWASP, flashcards). Go to current site →

Policy

Remote & Hybrid Working Policy

Working from home, the train, the cafe — safely.

Hybrid working is normal. The cyber risks aren't new but they multiply outside the office.

How to use this: The bracketed items like [Company Name] are placeholders — replace them with your own details. Edit the wording to suit your business. This is a starter, not legal advice.

Scope

Applies to anyone working from anywhere other than a [Company Name] office.

Devices

You must use a [Company Name] managed device to access company data. See the BYOD & Mobile Device Policy.

Network

  • Home Wi-Fi must be password-protected with WPA2 or WPA3.
  • The router's admin password must not be the factory default.
  • When on public Wi-Fi, the company VPN must be active.

Physical security

  • Don't leave devices visible in a parked car.
  • Lock the screen when you step away — even at home.
  • Be aware of who can see your screen on a train or in a cafe.
  • Don't leave printed sensitive documents in shared spaces.

Calls and meetings

  • Be aware of what can be heard during calls.
  • For confidential calls, use a private room or headphones.

Family and household

  • Company devices are for company use. Not shared with family or visitors.

Travel abroad

Notify [Named Manager] if you'll be working from abroad for more than a few days, particularly outside the UK / EU.

Incidents

Report device loss, theft, or anything suspicious immediately.

Review

Reviewed annually. Last reviewed: [date].

Tips for adoption

  • Issue this with the first piece of remote-work equipment.
  • Run the practical points in induction.
  • Pair with the BYOD policy.