by brainphreeze 1768 days ago
People aren't going to like this take, but it's fairly simple from a security point of view given that many companies have to adhere to security standards around "physical security", such as ISO 27001 and SOC 2.

You either go back in to the office, where companies can ensure the security of their networks and environments, or you don't have a job. I don't agree with this, but in terms of security, when people are working from home there are standards that we simply cannot meet, which could potentially cost a small business large contracts.

Scoping is important and these issues will have to be figured out now in the post-pandemic world.

3 comments

ISO 27001 does not prohibit working from home, at all. If a company decides that they cannot secure their work environment with people working from home, then that is on them.

We passed our yearly ISO 27001 audit last month, and we all work from home most of the time until going to the office is reasonably possible again, and even then we will remain hybrid. In the end it doesn't really matter where someone is physically working from if they follow basic security precautions if you are in IT (unless you are doing national security type of things; most of us aren't of course), and ISO 27001 just wants to see that you have such policies in place and that risks are mitigated.

That is not the case at all. There have been plenty of companies before the pandemic that had remote employees and/or individuals who just travel frequently.

You're able to be compliant even without being in the office. Most of the compliance is covered by < 5 mins auto lock, security updates turned on, VPN and a YubiKey.

Nearly everything else in these are documented processes and separation of roles and responsibilities.

How do you guard against someone in their home taking a picture of your personal information when you call the call center?

You have an automated system like an IVR with voice recognition collect sensitive info. You don't have sensitive info on an agent's screens. You don't collect unnecessary personal info.

The people in this article are working in Colombia and Albania staffing customer support for Amazon and Apple. If there were serious security requirements for whatever the calls are they're taking, these companies wouldn't be offshoring the work to recently war-torn nations that are notoriously terrible at internal defense.