More and more companies are choosing to allow their workers to work remotely on either a full-time or part-time basis. While this can be an ideal situation as far as employee satisfaction goes, it can bring up a number of security risks. Here are the things that you will need to look at to keep your employees safe while they are working remotely.
Theft or loss of machines
Stealing a laptop, tablet, or cell phone is pretty easy. They’re getting smaller and smaller all the time, and are easier to misplace or be stolen discreetly. Not only that, but they can also be out in prominent areas where physical security is an issue. The local coffee shop is not as secure as your boardroom.
Being physically watched
It is so easy for someone to look over the shoulder of your employee with them never being aware of it. Cameras are also sensitive enough to pick up passwords just by watching their fingers type. You may never find where the leak came from.
The loss of credentials
When machines are stolen, or workers are remotely watched, the greatest risk is loss of their user credentials. This is their username, password, and tokens. These are frequently stored on machines. They will give hackers easy access to your information.
Your remote worker can leave their mobile machine in a public setting, like in the coffee shop as they go to the washroom, and come back to what appears to be a completely normal machine. Unbeknownst to them, someone has installed some sort of malware on their machine. The most common is a key logger.
Changes to secure configurations
It can be quite easy for your employees to accidentally change security settings. They could even do that on purpose to make things easier for themselves. This could obviously open up their machine to a number of different attacks.
Assess the risks and create your remote worker security policy
First, everyone needs to be aware of the security settings set up on their machines when given to them. It should be noted that there should be no changes to the firewall. They should also know which tools need to be turned on, such as antivirus software.
Secondly, they need to be aware of:
- Environmental security, such as being aware of being watched, or protecting themselves from observation on camera when entering important data.
- Knowing when to report incidents, and who to report to. Even if they’re not sure if something has happened, make sure that they know it’s better to talk to someone than not talk to someone. An open communication policy with your IT team is your best protection.
These are things that your employees need to think about, now let’s talk about some things that they have to do.
Protecting data while it’s being transported
Your employees are going to have to access resources on the Internet, as well as your corporate servers. When doing so, they will be able to encrypt their Internet traffic by using a corporate VPN, and their numerous benefits to business.
Having a policy of your remote workers always using a VPN when they are away from their home network is a good policy. It can protect them if they connect to a bad network, and prevent packet sniffing.
Protecting data while it’s being stored
Your first consideration is to store the absolute minimal amount of information on any machine. Make it so that if your machine is stolen there’s nothing of value on it. Use a reliable cloud storage solution instead.
Your next step will be to encrypt the machines themselves. You can do this with both Mac and Windows. Now not only will your machine have very little information of value, what is on there can no longer be assessed by hackers.
The use of antivirus software should be obvious, but make sure that it’s explicitly stated in your policy. Also make sure to outline the fact that it, and all other apps, should be updated automatically.
Last, install apps which will allow you to remotely wipe the device. This will depend upon the mobile machine which has been compromised, be sure to consult your IT department.
Remote workers bring risk
There’s no way to put it; remote workers are riskier than those in your office. You won’t know for sure where their machines are going to be stored, the networks they will use, and the people around them.
The steps above will help minimize your risk. Be sure to continue to follow up with your remote workers to make sure that they are following these practices. Having a plan is good, following up to make sure that they’re being followed is very important. If they cannot follow the security plan, it is time to bring them back into the office.
Author: You can find Marcus Habert writing about current online security and privacy concerns over on his website: BestVPNProvider.co. The blog there is updated every Wednesday, and features tips and tricks that anyone can use to stay safe online. For the Twitter users out there, follow @BestVPNs for all the absolute up to the minute coverage you can handle!