The Remote Worker Security Myth
Chief Technology Officer, TCGi
At the risk of stating the obvious, while the trend toward mobile and remote workers has been increasing over the past decade, the advent of the pandemic elevated it to unforeseen levels. As businesses have adjusted to the “New Normal”, network and data security has, unfortunately, become more lax. No longer possible is the traditional “Castle & Moat” design; something better and more comprehensive is needed.
Traditionally, network (and tangentially, data) security took on the form of a fortress design. We surrounded ourselves with a barrier and diligently policed all ingress and egress points. That was all well and good, when all the personnel and data resided inside the barrier. With the advent of remote work, the entire thing has flipped.
When you think about how many devices your business has and then factor in their storage capacity, it’s easy to worry about how much data you have outside your barrier. This, combined with the fact that remote workers can move around freely, means you can’t easily monitor how they use their devices and check what security settings they use. That’s frightening, and your fear is not entirely unfounded.
Being aware of the main causes of off-site security breaches is the first step toward addressing the “New Normal” security needs. Below are five key contributors that heighten the possibility of a data breach:
- Theft: Lost or stolen mobile devices and laptops are easy targets for cyber criminals, especially if insufficient security measures are in
- Public Wi-Fi: It’s difficult for workers to identify what’s safe and what isn’t when connecting to public Wi-Fi hotspots. It’s often assumed that free hotspots (like in cafés or coffee shops) are less secure than paid ones (like in hotels), but this isn’t strictly true, both are assumed to be equally insecure. Sometimes though, this is the only way work can get
- Hijacking: This is more common in companies with BYOD (bring your own device) policies and tends to occur in devices that aren’t positively controlled by the IT
- Malware: Malware trojans harvest passwords, steal sensitive data and important financial information and are often spread via bad links through emails or social
- Infected Apps: Remote workers often need to download apps to enhance their productivity but what they probably don’t realize is that, while most of them are fine, many don’t meet minimum security requirements and therefore carry major threats to company
Implementing appropriate security measures is imperative in ensuring your organization is safeguarded against attacks, which is something you’ve already be doing inside your “moat”. Remote devices are no different. If you develop a soundproof remote security strategy that works alongside your in-house one, your company won’t be at any greater risk than normal.
When it comes to your employees, the best thing you can do is train them. For example, if they access company data in public settings, make sure they know to be discreet about entering sensitive information — you could even provide them with tinted screen protectors for their laptops. Limit downloads to company-approved software and adopt a CYOD (choose your own device) strategy instead of a BYOD strategy, so your company controls the equipment and can install the right security software and configure appropriate firewalls. Better yet, use VPNs (virtual private networks) for all remote access.
It all comes down to risk management. Don’t hinder productivity, creativity, and agility out of fear of a cyber-attack. Likewise, don’t just “hope” it’s all going to be OK. It’s up to you to develop and enforce a mobile security policy to protect your employees from the vulnerabilities of remote working.
Over this series of posts, I will be covering the various ways in which security can be enhanced, and even made superior for a remote workforce.