Hybrid working is normal. The cyber risks aren't new but they multiply outside the office.
How to use this: The bracketed items like [Company Name] are placeholders — replace them with your own details. Edit the wording to suit your business. This is a starter, not legal advice.
Scope
Applies to anyone working from anywhere other than a [Company Name] office.
Devices
You must use a [Company Name] managed device to access company data. See the BYOD & Mobile Device Policy.
Network
- Home Wi-Fi must be password-protected with WPA2 or WPA3.
- The router's admin password must not be the factory default.
- When on public Wi-Fi, the company VPN must be active.
Physical security
- Don't leave devices visible in a parked car.
- Lock the screen when you step away — even at home.
- Be aware of who can see your screen on a train or in a cafe.
- Don't leave printed sensitive documents in shared spaces.
Calls and meetings
- Be aware of what can be heard during calls.
- For confidential calls, use a private room or headphones.
Family and household
- Company devices are for company use. Not shared with family or visitors.
Travel abroad
Notify [Named Manager] if you'll be working from abroad for more than a few days, particularly outside the UK / EU.
Incidents
Report device loss, theft, or anything suspicious immediately.
Review
Reviewed annually. Last reviewed: [date].
Tips for adoption
- Issue this with the first piece of remote-work equipment.
- Run the practical points in induction.
- Pair with the BYOD policy.