Does Remote Working jeopardise security practices?

In Information Security ByTeam Acumin / 7th August 2014

In February of 2013, Yahoo caused something of a flurry when it sent a memo to all employees banning them from working from home forthwith. The edict provoked some disgruntled reactions from Yahoo employees, and even Richard Branson waded into the debate.

It does seem, however, that despite Yahoo’s concerns, remote working is certainly a popular choice. A CBI survey conducted in 2011 reported that home working numbers had increased from 13% to 59% in five years. Now, some 3 years later, the concept of remote working has been expanded considerably by the BYOD (bring your own device) phenomenon.

However, this rise in remote working raises almost inevitable security concerns. Here are some of the more obvious risks involved with remote working:

Using personal email for work messages

Some employees use personal email accounts for sending work-related attachments. However, work email is usually more robustly protected than some home offerings. Such attachments are consequently more at risk of falling prey to hackers.

Working at public Wi-Fi spots

Even though some Wi-Fi hotspots, such as in coffee shops, may be password protected, this does not prevent canny hackers from snooping on the unencrypted wireless traffic passing through that point.

Inadequately protected PCs

A home laptop may appear fine on the surface, but if it is not using sufficiently powerful security software, then it could be prone to destructive malware programmes or viruses. The same issue applies to mobile phones and tablets. According to mobile security specialist PJ Gupta from Amtel:

“Despite efforts by Apple and Google, the sheer volume of public apps makes it very hard to verify that such apps do not bring security and data leakage risks to an enterprise.”

Loss, damage and theft

When a corporation allows employees to operate in non-work spaces, such as homes where young children and pets roam free, risks of mishap inevitably accumulate.

How to minimise the risk

While it would seem that security standards and practices could be jeopardised by remote working, it’s here to stay and forms part of a growing trend. Consequently, it’s more a question of minimising the risk.

Here are some key steps to ensure you and your employees stay safe whilst working remotely:

VPN

The office should provide a VPN (Virtual Private Network) connection to the work server for all of its employees. In layman’s terms, a VPN allows a user to ‘tunnel in’ to a work server, with their data robustly protected primarily by means of encryption. The VPN should be usable on mobile devices, as well as laptop and desktop computers.

Keep work data separate

There are numerous ways to achieve this. On mobile devices, work zones, which are hived off from consumer apps, are being touted by the big mobile players. Meanwhile, Apple’s iOS 8 promises considerable security enhancements for enterprise users.

User education

Finally, there’s nothing like educating users on best security practice to ensure an optimised set up on remote computing devices.

Many steps will help, including creating complex passwords and ensuring that employees use authentication codes (or set up fingerprint recognition) on mobile devices. Mobile workers do, to some extent, have to take responsibility for their own information security in this new, somewhat riskier age.