Employees tend to be more productive when they work remotely, which is one plus for the many organizations quickly moving to remote environments. But there are security drawbacks.
The most significant challenge for a business with a remote workforce is the increased risk of a security breach when the technology is not implemented properly. We are talking viruses and ransomware, hackers accessing private files, and deliberate corporate or state-sponsored espionage.
However, these threats can easily be avoided with proper technology implementation and employee training. Here is a look at a few threats facing remote employees:
BYOD Networks
One of the perks of working from home is using personal devices for work. This practice is called Bring Your Own Device (BYOD). To remotely access company data, employees connect personal laptops, cell phones and tablets to company resources such as a virtual private networks (VPN) or email accounts. Most companies train employees on appropriate ways to use these devices and connections, developing BYOD handbook policies.
So, where is the harm in BYOD?
- These personal devices are often shared with several people who do not receive proper security training, creating a potential a risk.
- Important updates for antivirus/anti-malware on a personal or shared tablet or PC are regularly overlooked. A personal PC with outdated antivirus, connected to a firewall that’s even just a few years old, could prove a prime opportunity for a hacker to infiltrate a company’s network and deposit malware or even hijack a device and hold it ransom.
- Improperly retired devices can cause a serious liability. Consider a healthcare professional accessing their work email via their personal mobile phone. In that email inbox lives a plethora of patient information. That same employee then chooses to upgrade their personal phone for the latest device. Did the employee wipe the phone clean before it was turned in? Was HIPAA-protected data on the phone?
Public WiFi
Public WiFi hotspots are plentiful, making it easy to get online virtually anywhere. Many of these simple networks are unencrypted, allowing for sensitive or private information to be transmitted from a device to the WiFi access point in clear text – meaning it is not encrypted and easily read. For example, an employee’s device connected an unsecured community WiFi has also now allowed access to their device from other infected or malicious devices on the same network. If your remote employee's device doesn't have the proper security elements installed and configured, this scenario and many others can pose a significant risk to your company network.
Company-Owned Devices: Don’t be fooled into thinking company-owned devices are more safe. There is a huge risk in an employee connecting a company device to an unsecured WiFi network and then doing something seemingly simple like shopping online, accessing social media, or downloading personal email and then connecting to company IT applications, servers, and other resources. Ransomware can spread indiscriminately to any device with similar vulnerabilities.
8 Security Tips for Remote Workers
- When possible, tether your mobile device to your smart phone rather than use public WiFi.
- If connected to public WiFi, use your company VPN to surf. It will encrypt your internet data and help enforce other company security controls.
- Avoid logging into sensitive websites (i.e. banking, credit cards, etc.) when connected to public WiFi.
- Never leave your mobile device unattended in a public place.
- When using a browser to surf, always ensure traffic URL is encrypted and begins with HTTPS://
- Not all public WiFi is equal. Treat all WiFi connections with suspicion. Even some large retailers allow a direct tunnel to the internet.
- When using public WiFi, verify that the WiFi connection name is legit by asking the business that owns the WiFi access point the name. Malicious actors will often impersonate legit WiFi names by using a similar name.
- Don’t take sensitive business calls or work from sensitive documents when someone could be physically shoulder surfing or eavesdropping.
There is no single silver bullet to eliminate all threats. Multiple lines of proactive defense are necessary when working remotely.
Get remote with C Spire Business
Important tools like Office 365, Hosted VoIP and UC-One let employees meet, call, collaborate and chat from anywhere and on any device. These low-maintenance, affordable, secure solutions can help propel a remote workforce toward success. Get started here.