Table of Contents
Working offsite is quickly becoming a desirable job perk, and companies are taking notice. Currently, 63% of companies say they have remote workers at least part of the time. Some sources believe that as much as half of the American workforce will be remote in some capacity by 2020 - that's less than two years from now.
Granted, remote work is chock full of benefits for both employee and employer, but it isn't without its challenges, specifically when it concerns cybersecurity.
The Data Dangers of a Remote Workforce
Today's technological advantages, particularly in mobile development, have made it easier than ever to work from anywhere. There's not as great a need to have employees on-site. It cuts employee commute time. It can help boost productivity. It reduces employer overhead. Companies are no longer geographically restricted in sourcing the best talent. But in many cases, these benefits tend to overshadow one of the biggest dangers of having a remote workforce: data security.
Decentralized Systems
Systems become more disarrayed with remote workers. If they're not using company-issued devices, it's up to each employee to source their own. When this happens, devices and operating systems are mismatched, creating additional challenges for your IT infrastructure.
Location & Mobility
Employees aren't just working from the comfort of their homes. Digital nomads who take their work on the road often rely on local coffee shops or retail outlets to set up mobile offices. This is a danger in itself as there's no way to control the security of the public networks or curious glances at a laptop screen from passersby. Every time your employee checks company email or connects to your intranet via their coffee shop connection, your entire company could be at risk.
As more workers are turning to mobile devices in lieu of fixed connections, there's also the increasing possibility of these devices becoming stolen or lost - along with your company's critical information.
Another consideration is the fact that an employee may not be the only one using their device. Shared computers, tablets, or even smartphones between family members could make them more susceptible to malware or other harmful threats.
Lack of Security Features or Anti-Virus Protection
Personal devices may be less likely to have strong anti-malware or anti-virus protection than business systems. If these things are at the employee's expense, they may forgo the proper protections altogether to save money.
Remote Data Issues
Do the security risks of remote work negate its benefits? Is having offsite workers worth the risk? The Cost of a Data Breach study from Poneman's Institute claims that each stolen record costs a company about $141, with a single data breach reaching an average of $3.62 million in damages. If this happens to your company, could you afford to stay in business? The cost-saving perks of remote workers may never justify putting your company at risk, especially if you're unlucky enough to become a victim of a cyber attack.
Countermeasures
But as remote work continues to gains popularity in today's workforce, technology providers are stepping up to the data challenges to make offsite work feasible, practical, and safe. Take a look at a few of the techniques companies are using to combat security flaws of remote connections:
Two-Step Authentication
Also called two-factor authentication, this method adds an extra layer of security to properly identify users. For example, inputting a user name and password to gain access is a single step. In a two-step authentication situation, an application may also text you a code to input before granting you access.
It's become all too easy to steal passwords and usernames from servers, so a password alone is no longer enough to correctly verify a user. The second step is designed to ask for information only the true user should know.
This added complexity of a username, password, and another key piece of information makes it harder for the wrong people to access a system.
Cloud Applications
Cloud service providers maintain the highest nature of security. They're compliance with all industry requirements. Rather than being responsible for your own server maintenance and security features, the cloud provider handles it for you. Providers usually leverage advanced data encryption features that store information online rather than on a device to make remote work safer.
In addition, you must have a username and password to access cloud applications. You can restrict access rights by employee, job title, or other information to ensure only the right people are able to view certain data.
Device Policies and Requirements
If you have remote workers, even a few that are working offsite part-time, your company should create procedures and requirements for handling company information. Just as you have policies for email, attendance, or safety, having policies for offsite work sets the expectation for employees and holds them accountable for their actions.
You can't expect your employees to avoid the risks and dangers associated with firing up a remote connection in a coffee shop unless you've given them some guidelines to follow:
- Employees must have their own devices that are not shared with others (e.g. family members)
- Never store passwords on the device, including text files
- Maintain up-to-date anti-virus or anti-malware protection
- Establish connectivity guidelines, such as avoiding unsecure connections
- Include procedures for opening emails and files on USB devices
Virtual Private Networks
Virtual private networks (VPNs) allow users to access a network privately and are an ideal solution for remote work. VPNs work similarly to firewalls on your computer, but rather than protecting data stored on a device, they protect data transmitted online.
Reduce Your Risk of a Data Breach
It's not something most companies want to believe, but a data breach could happen to anyone, especially if you have a remote workforce. An alarming IBM study from 2014 showed that 95% of cybersecurity involve human error, with just over half of all incidents being a direct result of human error. When your employees are scattered outside the office, it makes it all the more difficult to control how they protect your company's sensitive information.
Conclusion
Even if you don't have remote workers right now, keep in mind the workforce is shifting. It may only be a matter of time before you're seeing fewer of your employees in person. Remote security should be taken seriously. Best to implement safety measures now before it costs you later.