Analysts predict that within the next five years, 40 percent of workers in developed economies will be telecommuting to work; software company Intuit predicts that by 2030, more than 60 percent of US workers will be contractors and contingent workers. While telecommuting isn’t suitable for everyone or every industry, modern technology has enabled many organizations to shift some, if not all, of their labor resources to a remote workforce model; instead of centralizing work in brick-and-mortar offices, workers are connected remotely via the Internet.
Keeping machines and data secure is becoming more challenging as computing infrastructures has become more diffused and decentralized. All those far-flung devices can become infected with malware that may also infiltrate the company’s network and make off with valuable company data. Mobile devices also are susceptible to data leaks because they can be lost or stolen, as well as more easily accessed by an outsider. When data disappears, financial, legal and reputational problems can quickly follow.
Here are guidelines on how to tighten security, while leaving workers free to roam:
Protect remote users’ devices.
Most data-stealing malware that infects PCs arrives via the web and email. To reduce the chances of a malware infection, use security software and practice good computer hygiene by using the latest versions of all applications and installing new security patches immediately. To mitigate potential damage from a lost device, install whole-disk encryption software, which can keep unauthorized people from accessing any of its data. Also, install remote-wipe apps on mobile devices so you can erase data if the device is gone forever.
Use cloud applications.
By using web-based applications to handle business tasks, a small business can let its employees work from any location, while handing off most data-security responsibility to cloud-service providers who are often better equipped and staffed to lock it down. It’s vital that your employees — and especially your administrator — use strong passwords for their accounts and refrain from reusing passwords they use for other applications or sites.
You can even use cloud applications to secure employees’ use of the web.
Create a secure connection to the company network.
You could also set up a system to provide remote workers with secure access to your corporate network. Traditional systems include technologies like virtual private network (VPN) software, which encrypts remote workers’ internet traffic, along with tools that make sure remote computers have security patches installed, are configured correctly and are monitored for signs of infection
How much access does your remote worker need to do his job? In some cases, companies provide broad permissions to remote workers, which creates a network vulnerability point. Segment the network by providing user access to data and systems directly related to the job. By creating strongly segmented networks, you manage your network security risk.
Remote Worker Requirements
You don’t want remote workers connecting with a dial-up modem and a Windows 98 computer, both from a security standpoint and a productivity standpoint. Create system requirements or guidelines for remote workers before allowing them to telecommute. It is also important to ensure that your networks are easily accessed by your remote workers and they will not be sitting on the phone with IT for an hour every morning trying to get set up.
Working with an experienced telecommunications company such as Internet & Telephone helps you create a remote worker-friendly environment that is secure and efficient.
Set up the AV software to check for and automatically install weekly updates. Require users to manually check for updates when they hear about a new virus or worm. It’s a simple and effective way to prevent infections.
VPNs or other confidential-connection schemes protect against eavesdropping and connection hijacking. With a VPN, you can allow remote users to securely access resources on the inside of your enterprise network. With some VPNs, you can ensure that only policy-compliant systems connect.
If your corporate email gateway doesn’t strip attachments, set it to do so. Users rarely have a legitimate business need for receiving non-Office attachments, such as .exe. Users who actually need these file types can get the sender to Zip them or ask their email admin to manually forward them. Filtering will prevent dangerous scripts from landing in your users’ inboxes.
User Education and Awareness.
This is absolutely essential. AV may not catch a new virus, patches don’t always take, and firewalls may fail open. In such circumstances, you want your users to think before they download and open that attachment from their Hotmail account. Ultimately, users are your biggest weakness and your last line of defense. Give them the knowledge to act appropriately.
All of this is to say: whether your business is large or small, data security matters. While many industries may be shifting toward a remote workforce model, deciding whether to allow your employees and vendors access to your network is a major business decision with serious financial and technology implications, one which demands input from leaders at every level of your enterprise, from the C-Suite to IT.
No security measure is a guarantee against malware infection, but these nine steps will help mitigate the risk to your remote users.