May 02, 2016

Avoid the Biggest Security Risks of Remote Working

How many of your employees work outside of the office?  

US Market intelligence firm Strategic Analytics has forecast the global mobile workforce will reach 1.75 billion and account for 42% of the workforce by 2020.  Add part-time work – Citrix data shows that globally, 61% of workers now do their jobs outside the office at least part of the time – and the numbers skyrocket even more!

But while device design and pricing are expected to improve and fuel this trend, there are still lots of concerns about overall remote worker security.

In fact, off-site employees with multiple mobile devices were seen as one of the biggest security threats in Ponemon’s 2015 State of Endpoint Report: User Centric Risk study. An endpoint includes servers, desktops, laptops, smart phones and other devices, pointing to the need for increased byod security and laptop security.

What are the biggest security risks of remote working?

  • Insecure connections: Wi-Fi connections (in business lounges, on trains, in coffee shops, etc.), can lead to data breaches. But the use of insecure WiFi has more than doubled since 2013, according to the Endpoint Report. Recommendations: Never use public Wi-Fi for sensitive information. Only connect to trusted networks.  
  • Losing information: Stolen or lost laptops are one of the most common – and costly – business security incidents. A survey in the U.K. and Germany by information security firm Imation showed that nearly two in five respondents knew of lost or stolen devices in public places – and three-quarters of these devices contained work-related data. Recommendations: Securing a laptop or other device means never leaving it unattended in a public place, car, or hotel room. When removing information from the workplace, encrypt files. Equip devices with up-to-date virus protection. Back up information regularly.
  • Visual theft: Visual hacking of information on mobile devices can occur almost anywhere.  Recommendations: Ensure the device screen is not visible to others (and avoid displaying confidential information) in a public place. 
  • Negligent employees: More than three-quarters of Endpoint Report respondents mentioned negligent employees who do not follow security policies. In the Imation survey, employees took confidential information away from the office without the knowledge of their employer. Recommendations: Include Remote Working best practices in the organisation’s Information Security Policy. Provide on-going security awareness training and compliance training.  
  • Insecure Mobile Apps: In research by Cisco, 70% of IT professionals believe the use of unauthorised programs lead to at least half of their companies' data loss incidents. Recommendations: Include a list of approved apps for BYOD security. Check that app makers have addressed security.
  • Improper disposal: It can be difficult to ensure that mobile employees are following the rules. For example, when mobile devices are no longer needed they may be stockpiled at home; or confidential documents may be thrown into the rubbish. Recommendations: Highlight information security for remote workers in the organisation’s security policy and training. Ensure that obsolete mobile devices are properly disposed of (physical hard drive destruction). Partner with a reliable document destruction company, and direct employees to bring all paper documents and electronic media and hard drives to the workplace for proper disposal.

Today, organisations must stay on top of information security best practices, like BYOD security, whether employees are doing their job in or outside of the office.