Remote Work Security: How to Adapt to Remote Working While Protecting Your Data
As if the pandemic hadn’t been difficult enough for small to medium-sized businesses, out of the COVID-19-era arose an unexpected new challenge; a labor shortage. Job seekers post-pandemic are flush with new demands and expanding options that few companies have adequately adjusted to. Work-from-home setups have shifted employee viewpoints on work/life balance. Remote working has expanded the territory in which people can seek jobs, decimating local workforce options and forcing companies to expand the geographical range of their searches in response. And demand for technological perks is at an all-time high with younger employees entering the workforce who have grown up running Zoom meetings on their iPhones and accessing Wi-Fi on mountain hikes.
Today, when it comes to technology, employees won’t be wowed by the basics. To hire the best, you’ll need to be a technology-driven company that lets employees have a say in how they structure their daily routines including offering hybrid and fully remote work options. But how do you maintain security while employees work remotely? Follow this two-step process, and you’ll be off to a strong start to establishing remote work security.
STEP 1: Introduce Flexibility
If the pandemic taught us anything, it’s that flexibility can be the difference between failure and survival. Companies with the agility to quickly switch to remote work and maintain productivity undoubtedly fared much better under the extraordinary circumstances brought about by COVID-19. And who knows what challenges (natural disasters, another pandemic, etc.) lay ahead that could force companies to adjust rapidly once again. So, it isn’t just picky employees challenging you to develop a more flexible, technology-forward strategy for your company; the state of modern business also demands you to be proactive on this front. The challenge, however, is how to assess where you can introduce flexibility without creating vast security issues or overspending on random tech solutions to “upgrade” your workflow.
Start by gathering your department heads and asking them to help you identify the hardware and software they use daily. Different departments will inevitably have different needs. The goal is to get intimately familiar with the processes and industry-specific tools (e.g., accounting, marketing or sales platforms) you utilize internally to envision where adding flexibility might be feasible or not. For instance, if marketing needs two screens, fast processors, and Adobe Cloud platform to perform at a high level, you can spring for high-powered laptops with software subscriptions. But perhaps some of your other employees, such as client-facing staff, whose job is to sell or manage your customers might not need expensive technology.
Consider all these options with your team and then create a plan on how you can modify your current technology to allow for more freedom and user comfort within your daily workflows.
STEP 2: Re-enforce Security
Although you may now be eager to jump in and start making changes, before you do, there’s still one more essential element to consider; how these new devices and workflows will factor into your overall cybersecurity profile. For example, if HR doesn’t need much computing power but has extensive access to sensitive Personally Identifiable Information (PII), you can’t allow them to work from coffee shops and airports without restriction. This is why even before you upgrade, you must sit down and develop acceptable use policies and baseline security protocols, as they will dictate how you go about introducing new technology to ensure remote work security. To start, for each mobile device, laptop, or tablet, consider which of these three options makes sense:
- Provide a device – In this scenario, you will purchase and provide your employee with a device they will use for business purposes and a few select personal reasons. To make this work security-wise, you’ll need to manage and limit the functions you allow by developing and implementing a robust Acceptable Use Policy that defines what users may and may not do while using your device. You can also restrict capabilities by using Mobile Device Management tools (MDM), such as Meraki or Airwatch that remotely monitor and disable certain functions. Consider limiting access to specific websites, camera functions, and applications that may create security concerns. This option attempts to balance security and ease of use for employees.
- Let employees use their own device – In this scenario, you allow employees to use their personal devices to access your network and data. Acceptable Use Policy will be your only control in this case and, as such, requires a great deal of Cybersecurity Awareness Training, monitoring, and trust in your staff. This option prioritizes ease of use but comes with more security risks.
If you choose options 2, here are a few other helpful security features that you can provide or mandate for your employees:
- Hard drive encryption – This ensures that even if a device falls into the wrong hands, a passcode will be needed to access data stored on the hard drive. If you’re using Windows, Microsoft’s BitLocker is a free easy-to-use encryption program that can protect your entire drive against unauthorized changes to your system.
- DNS filtering – This feature stops access to malicious websites that have been blocklisted by ISPs and other third-party organizations. You can also block access to non-malicious websites that may be unwanted distractions, such as social media sites or personal email suppliers like Yahoo or Gmail. Cisco Umbrella is a good option if you’d like to add this feature.
- Remote Desktop Protocol (RDP) – This solution allows users to connect to a computer through the internet and access the data and applications on it as if they were physically in the office; using a Remote Desktop Protocol is convenient if you want to use proprietary applications (e.g., CRMs or accounting software) remotely.
- Mobile hotspots – Enabling this feature allows your employees to use a secure mobile device as a portable Wi-Fi “hotspot.” They can then connect their laptop to this Wi-Fi signal instead of using unsecured airport or coffee shop Wi-Fi. Purchasing stand-alone hotspot hardware is an option as well. If you choose to do this, make sure to change your hotspot’s SSID and require strong passwords.
To be clear, we do not recommend companies abandon their offices. But organizations that begin to outfit themselves to meet the evolving technological needs of an increasingly savvy and demanding workforce will not only attract high-quality talent, but also set themselves up to adapt and grow with the times no matter what lies ahead.
If you’re curious about any of the features we mentioned above or want to know more about remote work security to offer different working options to your employees while protecting your data, don’t hesitate to contact me at firstname.lastname@example.org.