Since 2005, the number of Americans working remotely has more than doubled to 3.9 million, and more than one-third of employees are expected to work remotely in the next 10 years. Employee demands for greater flexibility and work-life balance, combined with organizational demands to optimize productivity and keep employees happy, are driving this trend.
Clearly, there’s a strong business case for allowing employees to work remotely, and mobile and cloud technologies are making it easier for remote workers to collaborate and stay engaged. But the security and compliance risks are very real and need to be addressed.
According to a 2018 iPass survey, more than half of CIOs believed mobile workers were hacked in the past year, and 67 percent suspected that most security incidents involving Wi-Fi happened at coffee shops and restaurants. Nearly half said bring-your-own-device policies only increase the risk.
When employees work remotely, it often becomes more difficult to enforce security policies. The more geographically dispersed your workforce is, the more complex the problem is, and the tougher it is to monitor activity and traffic.
From the employee’s perspective, security best practices aren’t exactly a high priority when offsite. Devices are likely to be lost or stolen, data encryption is often lacking, and employees either ignore or don’t understand the consequences of data loss.
Of course, when employees are left unsupervised, they can get downright careless and negligent. Common sense goes out the window. While working remotely, employees are more likely to open emails and click links from unknown senders, use public Wi-Fi networks and unapproved applications, and even lend work devices to non-employees.
Many of these security and compliance risks can be traced back to a weak or nonexistent remote work policy. An effective remote work policy should account for:
- Approved applications for various business functions (email, file sharing, collaboration, etc.)
- Proper and improper use of devices and applications
- User authentication policies and procedures, including password requirements
- Procedures for reporting security incidents and lost or stolen devices
- User training that covers all aspects of the remote work policy
To further reduce risk, organizations should apply the principle of least privilege. User accounts should be configured in a way that allows employees to access only the data and applications needed to do their jobs. Require complex passwords that are frequently changed, and use multifactor authentication to prevent hackers from accessing the network with stolen passwords. Make sure users only use public Wi-Fi temporarily and sparingly in case of an emergency, and never for sending or receiving sensitive data. Never use USB devices, which are easily lost and sometimes come with risky files and applications pre-installed.
While cloud services typically offer better security than onsite applications, that doesn’t mean every cloud service is safe. Make sure cloud service providers are capable of securing your data and meeting compliance requirements. You should have systems in place for monitoring cloud environments or work with a managed services provider who can handle the monitoring for you. Back up your cloud data just as you would onsite data.
Instead of bringing all employees back to the office and creating barriers to productivity, start taking steps to improve security for remote workers. Let us help you develop an effective remote work policy and implement the security tools that reduce risk outside the office.