How you can enable secure remote working in your business

How you can enable secure remote working in your business

 Working from home isn’t just a response to current pandemic concerns… it’s here to stay. Research shows that as many as 70 percent of organizations will adopt a “hybrid working” model,” where employees spend at least some of their time working from home.

It’s easy to understand why bosses might like the idea. On average people that work from home are 47 percent more productive. Employees don’t mind either, since working from home comes with a host of work/life balance benefits, and eliminates the morning commute and “grind” from the workweek.

It’s a win-win situation… except for one concern. Security. For both companies and individuals, working from home opens up a host of new security concerns, and for any long-term remote working policy, these need to be addressed.

The biggest security challenges when working from home

1)    Consumer-grade equipment

One of the biggest challenges from a security perspective is the off-the-shelf nature of the IT equipment in the home. Business grade routers/modems, printers, and other devices cost more because they have more powerful security features built-in. With home IT, if a hacker can break into the modem or printer of a remote working employee, they can potentially get access back to the entire network.

Furthermore, technology at home tends to be shared, and it only takes one wayward download or link click from an unsuspecting child to expose the computer to malware and other viruses.

Many businesses will look to supply their remote employees with equipment for this reason, with the strict expectation that the equipment can only be used for the purposes of work. It will also be more important than ever to have a formal cybersecurity education system in place to help ensure that all staff understands how to security best practices when they’re not in the office.

2)    Everything’s on the cloud

For working from home to work, the employee needs to be able to remotely access the network, and that means that the company needs to move the computing environment to the cloud so that it can be accessed remotely. The problem is that because the cloud can be accessed from anywhere it can also be attacked from anywhere. Previously the most sensitive data would be kept within networks that could only be accessed internally. Now that data becomes one of the biggest risks facing the enterprise.

Mandating that employees use VPNs for connecting to the network is an important step in mitigating this risk. VPNs encrypt data as it travels between locations, helping to protect the connection from unwanted intrusion.

In addition, businesses should shift their security strategy away from a perimeter defense (firewalls and endpoint security solutions) to zero trust security. Perimeter defense only works when there is, in fact, a perimeter to defend. For decentralized IT (i.e. remote working), the zero-trust approach is much better, because it assumes that traffic on the network is malicious unless proven otherwise. If users are not able to log in and verify their access to the network every time, the zero-trust security will immediately block them out.

3)    What happens when a device gets lost?

When people are working from workstations within the office, lost equipment is of minimal concern. When people start working remotely, however, they will generally take their laptops to cafés or away on holidays, and there is a much greater risk that a device with access to the network gets left in a taxi or other public location.

There are tools available that allow the IT team to remote wipe devices so that even if the device isn’t recoverable, there won’t be any risk of data leak. However, this can also create some thorny issues. For example, if the employee is using personal equipment, they might not be impressed if their device needs to be wiped. Clear policies around the handling of lost equipment can cover the organization legally, but from a staff morale point of view, providing employees with the equipment they need to work might be the safer course of action for all involved.

None of these issues are a reason to avoid working from home. The productivity and morale gains are too great to ignore, and with so many other companies allowing remote working, it becomes one of those things that can sway a prospective employee to one of your competitors instead. Furthermore, there’s no reason that, with the right policies, the right staff training, and the right technologies, you can have a secure remote working environment. Many of the security fears around remote work have come as a result of businesses quickly switching to remote work (as a way of keeping work going through the pandemic), without a security strategy behind it. Now, as working from home becomes the norm, it is time to build security into the environment.