Security Best Practices for Managing Remote Teams
By: Tabby Farrar
The unprecedented connectivity the internet provides, coupled with the increasing numbers of Millennials and Generation Z-ers that are entering the workforce, is creating one of the most dramatic changes the office environment has ever seen.
Just a few years ago, the idea of working remotely was not considered practical and was still a rarity. But now it has become normalized. The mobile workforce continues growing, with 70% of employees already believed to be working away from their designated workplace at least once a week.
There are many benefits to these changes for both the company and individual employees. While staff can enjoy an improved work-life balance, boosting their happiness, productivity and focus, companies can save money with smaller office spaces and improve recruitment – no longer restricted by location.
However, with so many personal devices being used to access company networks, there is the increased possibility of loss or theft and often a lack of uniform security. Mobile working has the potential to be a huge security risk if it is not properly managed.
The following security best practices should be put in place to ensure that remote workers do not become a major security risk.
Use secure connections
As important as antivirus is, it is one of a number of software tools that all businesses should be using as a standard security measure along with a firewall, email scanners and password managers. When looking at security for remote teams, a virtual private network, or VPN, becomes essential.
A VPN offers users a number of benefits. By tunneling user data through secure servers located around the world, browsing activity and the user’s location are hidden from prying eyes. Not only this, but VPN services also feature end-to-end encryption, meaning that if any data was intercepted by a third party, it would be incomprehensible.
Free public WiFi is rarely secured, and staff should be instructed to avoid using it wherever possible. But if it is a necessity, then the connection should only be used through a VPN to ensure that passwords, sensitive information and account details remain encrypted and secure.
Educating people on how to identify risks
Research by the UK Information Commissioner’s Office has found that 88% of breaches in the last two years were the result of human error rather than malicious attacks, meaning that providing effective security training has become more important than ever before.
With in-house IT staff, office workers have someone they can talk to directly should they identify a potential security risk. This is not going to be the case for remote workers. Ideally, all staff should be trained to the same standard to ensure that easily avoidable mistakes do not result in a breach, but it is particularly essential for remote teams.
Anyone working remotely should be aware of the most common security threats, such as phishing, and using unpatched software or weak passwords. No matter how much effort has gone into building a multi-layered security setup, one carelessly opened email attachment could create the backdoor that allows hackers in.
Ensuring the simple things are accounted for is just as important as more elaborate security measures. It is vital that regular training is provided to ensure that everyone, at all levels of the business, is confident in identifying the most common threats and knows what to do should a breach occur.
Establishing a BYOD policy
When everyone works under the same roof, computers and other devices are all likely to have the same security software setup. For employees, this means that things like email scanners and firewalls are already in place, and it is not something that has to be considered. But with more work occurring outside the office on personal devices, the responsibility for ensuring a suitable level of device security has to fall on the individual users.
Businesses can encourage good practices by defining expectations, and implementing a bring your own device (BYOD) policy. This document, which would need to be agreed before remote working is allowed, should identify the security software that is required to be installed on every device accessing the company’s data.
As well as agreeing to security precautions, an effective BYOD policy will identify best practices that need to be followed. These should include regularly updating software, using strong passwords and activating two-factor authentication (2FA) where it is available.
Remote working is no longer a trend. The shift has been dramatic and is expected to continue to grow in the next five years, with 42.5% of the total global workforce estimated to become mobile by 2022. This means that security policies will have to adapt quickly to ensure that the risks do not outweigh the benefits.
With revised best practices around secure connections, improved staff training and the creation of new expectations around the security responsibilities of the individual, businesses of all sizes can ensure that remote workers become an asset, rather than a security risk.
Tabby Farrar is an Outreach Specialist and avid blogger on technology, travel and the changing face of employment in today's world. Perhaps appropriately for an advocate of remote working, her blog named JustCantSettle covers everything from English beer gardens and Vietnamese street food to ethical fundraising.