Recent years have seen an increasing number of businesses turn towards more flexible and remote ways of working, thanks to ever-improving network capabilities and changing attitudes in the workplace. And this upward trajectory is only set to continue over the next year, with the Office of National Statistics expecting half of the UK workforce to be working remotely by 2020.
This shift in working practices has many palpable benefits for employees and employers alike, such as better staff retention, access to a wider talent pool, higher morale amongst employees, improved productivity, reduced office costs and increased flexibility for workers. But remote working also poses a significant threat to an organisation’s cyber security…
What are the risks of remote working?
There are a number of security risks associated with remote working – most of which arise from companies not having the same support, policies or infrastructure in place for remote workers as for permanent or onsite staff. The 2018 Imation Corp Survey found that less than six out of 10 respondents said their organisation had a working from home policy, for example.
This can make it more difficult for companies to monitor and enforce security which, in turn, means employees may lack commitment to security best practices. Since the majority of remote work is carried out using online applications, the security dynamic and associated risk is different to an office environment. Working in public spaces such as coffee shops and using the Wi-Fi there also has the potential to leave devices and data exposed.
And it’s not just remote workers themselves who are at risk. Onsite employees who occasionally work from home can also face (and cause) security issues when engaging with an organisation’s network or data remotely.
What can you do to keep your data safe?
Awareness is the first step in managing security for remote workers but how do you go about mitigating the risks involved? We’ve outlined some of our suggestions and the steps both businesses and employees can take to keep data safe.
First and foremost, companies need to have a clear set of remote working policies and procedures in place, which should be laid out in an easily-accessible document. This should cover things like the use of personal devices and USBs, personal web browsing, sharing and sending files over unsecured networks, password protection and using work computers in public spaces.
Employees should only ever be granted access to the data they actually need (whether they are working remotely or on-site) and this should then be automatically revoked once they have finished the job at hand. After a project has been completed, it is good practice to encrypt and back up clients’ data to a secure location – before ensuring it is properly erased.
Organisations should also encourage staff to always connect to a Virtual Private Network (VPN), especially if they are using a public Wi-Fi network. This will ensure internet traffic is encrypted and help protect data from cyber criminals. It is also important to make employees aware of the dangers of sending or opening sensitive data over a public Wi-Fi network.
As remote or flexible workers often use their company devices in public places such as coffee shops, they are more vulnerable to theft. So, if allowed by security policy, it is also worth using secure cloud-based services to store and password protect all data and files – rather than workers saving documents to their devices, for example. These passwords should then be managed (again, within the bounds of company security policy). This way if a company device does get stolen or misplaced, workers will still be able to access the data they need – but, crucially, thieves won’t. Features such as ‘Find My Device’ on phones and laptops will also provide a better chance of retrieving lost or stolen devices.
Our tailored solutions and expert advice can help keep your business protected and secure. To find out more about staying safe in the age of remote working, contact Burning Tree on 01252 843014 or firstname.lastname@example.org.