For those in charge of IT security, ensuring mobile and web security for the remote worker is a big challenge. We live in a highly mobile world. More and more people today are now working remotely. The company model where thousands of employees congregate in cubicles to sit in front of a dedicated computer is fading fast. A study released by IWG earlier this year found that 70 percent of professionals work remotely least one day a week, while 53 percent work remotely for at least half of the week. Whether this is to avoid a long commute, being there for the kids, achieving a better work-balance or avoid the disruptions of the office, employees today value the ability to work remotely.
As a result, companies are offering their employees the ability to work in combinations of both on and off-premise. Many workers even work exclusively from home. Not only are more employees working remotely, they are doing so more often. In a Gallup survey conducted last year, 43 percent of the 15,000 respondents stated that they spent at least some time working remotely. The number of Americans who work for an employer full time from their home has grown 115 percent since 2006. Working remotely is not just an American phenomenon, however. According to Eurostat, 35% of European businesses currently offer their employees the option of working from home.
The challenges of protecting remote workers
Whether an employee works with a computer device on-premise or off-site, one thing remains constant. You must secure the user device. Many laptops may have sensitive or proprietary data and so the obvious challenge is to protect that data in case the device is ever lost or stolen. Cybersecurity, however, must go beyond the mere device and file protection.
It may seem that protecting remote devices off premise is not as high a priority as computers that are connected within the on-premise enterprise. However, any malware or malicious apps that infect a remote device will most likely make their way back to the mothership eventually. At some point, the worker who is taking advantage of the company’s short-term remote work policy will bring that infected device back on site. Fulltime remote workers who utilize a permanent workstation residing in their home will eventually enable their VPN, which serves as a pipeline for malicious software. In today’s remote work environment, protecting the enterprise means protecting all devices, even those that are never seen.
Cybersecurity Checklist for Remote Workers
A password can be the last line of defense for a remote device or SaaS application. Password policies that enforce minimum complexity standards are essential outside of the confines of the secure perimeter.
When an employee is onsite, their passwords are supplemented by local security measures but this is not the case when offsite. Outside of a web conference, it is impossible to confirm who the faceless identity is at the other end of a connected session. As a result, passwords alone cannot be relied upon when employees are offsite. The authentication process for essential services such as email and sensitive cloud services should be backed up by multifactor authentication such as the confirmation of a text sent to the employee’s cellphone.
Computer Use Policy
It is important to have a computer use policy for remote employees stating that the computer devices used for work are designated as work devices only and that it should only be used by the employee.
Web Content Filtering
While email filtering is a basic security requirement for most organizations today, web filtering is sometimes ignored when it comes to remote employees. Web filtering is even more critical for devices that go or reside off premise. While many workers cite that they are more productive working from home, employers do lack the ability to visually confirm if a remote employee is being productive, or simply wasting time watching the latest series of viral YouTube videos.
Most web content filtering solutions today integrate with Active Directory or LDAP, allowing management to monitor the internet activity of all employees. When a remote computer establishes a VPN connection, the web session runs in the same fashion as if the device were located on premise.
Thanks to cloud-based DNS filtering solutions, all work-related devices can have the benefit of umbrella-like web filtering protection. Whether working permanently from home or on the go utilizing public WiFi, a cloud-based content filtering solution such as WebTitan can combat malware, spam, malvertising, malicious files, ransomware and annoying popups. No matter where the device is, your users remain protected.
While the combination of email and web filtering can stop the majority of threats today, a multi-layered security approach is essential in today’s digitally dangerous world. Every work device needs to be protected by an endpoint security solution. Often times these solutions serve as a last line of defense. Ensure that all devices, both mobile and desktop, are protected with adequate security before your employees can use them to log in to your network.
Training employees on security best practices will go a long way. It's important to teach employees how to spot potential phishing scams and explain the importance of strong passwords. While a device may be remote in terms of distance, malicious files that infect your remote devices are only a click away from invading the enterprise. Just because a device is off-site, it should never be out of mind.
Throughout a mobile workers life, there's going to come a time when an unsecured, free, public Wi-Fi hotspot is the only connection available, and your work simply has to get done. Understanding public WiFi risks will ensure your important business data doesn't become just another hacking statistic.
Would you like to learn more about keeping your mobile workers data secure?
Talk to a specialist or Email us at email@example.com with any questions.