In a recent report from Buffer, 99 percent of survey respondents said they would like to work remotely at least part of the time for the rest of their careers. People like to have the flexibility to work from home if a child is sick or there’s a bad storm. They want to work while traveling or commuting on the train. They want to get caught up during off hours.
More and more employers are buying into remote work because it means fewer days off, more hours spent working and greater productivity. In fact, many employees never completely unplug because mobile and the cloud provide employees with anytime, anywhere access to the resources they need to get work done. However, working remotely can also create serious security and compliance risks if the proper safeguards are not in place.
These risks are created by both the organization and the employee. From the organization’s perspective, monitoring user activity and traffic, enforcing security policies, and protecting data become far more complicated and difficult when employees are working remotely. Of course, many organizations don’t take the time to develop a remote work policy or educate employees about best practices for accessing the network, sharing data, using business applications and other work functions.
When security best practices are not a priority for the organization, they’re not likely to be a priority for employees, who tend to get careless while working remotely. That means a higher likelihood of clicking dangerous links and opening dangerous emails and files. That means using consumer-grade file-sharing applications that haven’t been approved for use. That means using open Wi-Fi networks in public places and having that activity watched by hackers.
The key to plugging these security and compliance holes is to develop a robust remote work policy. What is the proper way to connect to the network? What devices and applications are approved for various work functions? How and where can data be securely stored and shared?
What is the process for reporting a security incident, whether an employee suspects a breach or a ransomware attacker is already demanding payment to have systems restored? How are users trained and educated about security best practices and the risks of negligent behavior? What are the penalties for failing to comply with these rules? An effective remote work policy addresses these and other questions.
There are also basic steps employees can take to reduce risk while working remotely. First and foremost, follow the remote work policy to take the guesswork out of security. Always connect to your company network through a VPN to ensure all traffic is encrypted, and connect to the VPN before connecting to Wi-Fi.
Never use the same passwords for work that you use for personal accounts. Hackers are on to this practice, and buy and sell stolen credentials so they can infiltrate corporate networks. Make sure you save all data in a secure environment, such as an approved cloud platform, rather than on your device. Never use an open or public Wi-Fi network to view or transmit sensitive data.
ICG can help you deliver the same level of security to remote workers as you have in your on-premises environment. We can help you create or enhance your remote work policy, and explain your options for securing activity and devices outside the office.