Remote working is a notable feature of our Internet-enabled age that benefits both employers and workers. Businesses reduce the cost of facilities and employees enjoy freedom from the commute and a degree of flexible working hours.
However, there are security risks involved when devices and users are operating outside of the corporate network. Unless they are recognised and properly managed, remote working represents a permanent weakness in cyber security. Data theft costs a great deal in both financial and reputational terms, and preventing it must be a top priority for every business that holds consumer data.
Best Practice In Tightening Remote Working Security
There are essentially two layers to be considered and addressed:
- The human element
- Technical defences
The human element has been a recognised vulnerability since the beginning of computing. Individuals with direct access to systems need not necessarily be rogue workers or hostile in any way. Mere sloppiness and disregard for even the best security policies are rife.
1) Manage The Human Risks Inherent In Remote Users
Investing time and effort in this biggest security risk area pays dividends. Not only do workers more readily adopt better behaviours, they become far more aware of potential risks, such as phishing and social engineering in their many forms. It has often been said that security is largely a mindset – awareness when posting on social media, for example.
The first risk to address is password handling: choose a password management system in combination with mandatory generated passwords. This means workers will be far less (if ever) tempted to keep corporate passwords scribbled on a post-it note stuck to their screen or desk. Two-step authentication is a no-brainer to control initial access to the network.
People naturally forget and grow careless as time goes by. Nip that in the bud – run security policy refresher training at regular intervals.
2) Data Encryption Must Be A First Technical Step
Encryption technology has greatly improved so that now it’s barely intrusive. It protects any data held on remote devices. Any company not using encryption is simply asking for trouble.
3) Use VPNs
VPNs are an established technology and their pros and cons are well known. For remote working they are an essential requirement for connectivity to the corporate network. The downside is that they occasionally fail, which delivers a productivity hit. As always, you get what you pay for. Choose a good service.
4) ‘Bring Your Own Device’ Policies
BYOD is close to being unavoidable in practical terms where remote workers access the network through a browser, because that can be done from any browser-enabled device. Security chiefs hate BYOD for a very good reason. Once a user has logged on to the network from an infected device, any installed malware is immediately logged in too. A strict policy that is strictly enforced is the first line of defence.
5) Institute A Stringent Remote Working And Travel Policy
A remote working and general travel policy is not difficult to draft as there are so many good working examples available online. As with all user behaviour policies, regular refresher training must be part of the initiative or it becomes useless over time.
6) Use Secure Cloud-Based Storage
Not storing data on laptops delivers significant security benefits:
- Reduces the count of vulnerable entry points as it keeps data in one place
- Reduces the risk of data leaks in the event of a device being lost or stolen
Use Professional IT Asset Disposal Services
We did not include this as #7 because it applies not only to devices used by remote workers, but to all devices. Both infrastructure appliances and end user devices can contain data that could compromise the best security policies.