Businesses are big winners when it comes to remote workforces. On top of better morale, and reduced turnover rates, remote employees are roughly 25 percent more productive than their office colleagues. But there are drawbacks.
The most significant challenge for a business with a remote workforce is the increased risk of a security breach when the technology is not implemented properly. We are talking about viruses and ransomware, hackers accessing private files, and deliberate corporate or state-sponsored espionage.
However, these threats can be easily avoided with proper technology implementation and employee training. Here are a few suggestions to help a remote workforce be more secure:
When an employer allows its workforce to use personal devices, it is often called Bring Your Own Device (BYOD). Employees connect devices such as laptops, cell phones, and tablets to company resources such as a virtual private networks (VPN) or email accounts. Most companies train employees on acceptable use of these devices and connections, developing BYOD handbook policies.
Where is the harm in BYOD?
- These personal devices are quite often shared with several people who do not receive proper security training, creating a potential a risk.
- Important updates for antivirus/antimalware on a personal or shared tablet or PC are regularly overlooked. A PC with outdated antivirus, connected to a firewall that’s even just a few years old, could prove a prime opportunity for a hacker to infiltrate a company’s network and deposit malware or even hijack a device and hold it ransom.
- Improperly retired devices can cause a serious liability. Consider a healthcare professional accessing their work email via their personal mobile phone. In that email inbox lives a plethora of patient information. That same employee then chooses to upgrade their personal phone for the latest device. Did the employee wipe the phone clean before it was turned in? Was HIPAA-protected data on the phone?
Public WiFi hotspots are plentiful, making it easier to get online virtually anywhere. Many of these simple networks are unencrypted, allowing for sensitive or private information to be transmitted from the user device to the WiFi access point in clear text – meaning it is not encrypted and easily read. For example, an employee’s device connected to the local coffee shop’s WiFi has also now allowed access to their device from other infected or malicious devices on the same network. If your remote employee's device doesn't have the proper security elements installed and configured, this scenario and many others can pose a significant risk to company networks.
Company-Owned Devices: Don’t be fooled into thinking company-owned devices are more safe. There is a huge risk in an employee connecting a company device to an unsecured WiFi network and then doing something seemingly simple like shopping online, accessing social media, or downloading personal email and then connecting to company IT applications, servers, and other resources. Ransomware can spread indiscriminately to any device with similar vulnerabilities.
8 Security Tips for BYOD or Remote Workers
- When possible, tether your mobile device to your smart phone rather than use public WiFi.
- If connected to public WiFi, use your company VPN to surf. It will encrypt your internet data and help enforce other company security controls.
- Avoid logging into sensitive websites when connected to public WiFi. (i.e. banking, credit cards, etc.)
- Never leave your mobile device unattended in a public place.
- When using a browser to surf, always ensure traffic URL is encrypted and begins with HTTPS://
- Not all public WiFi is equal. Treat all WiFi connections with suspicion. Even some large retailers allow a direct tunnel to the internet.
- When using public WiFi, verify that the WiFi connection name is legit by asking the business that owns the WiFi access point the name. Malicious actors will often impersonate legit WiFi names by using a similar name.
- Don’t take sensitive business calls or work from sensitive documents when someone could be physically shoulder surfing or eavesdropping.
There is no single silver bullet to eliminate all threats. Multiple lines of proactive defense are required, especially when working remotely.