While multiple studies have shown the benefits of telecommuting in terms of productivity and employee morale, that doesn’t mean that it’s without risks. In fact, allowing employees to work remotely can create security risks. From data breaches to malware, without the right security policies in place, allowing employees to telecommute could be the equivalent of leaving your business wide open to hackers.
The Risks of Telecommuting
Remote workers can put your company’s data and networks at risk in a number of ways.
- Using unsecured networks. Employees working from home typically use their own internet connection, which may or may not be secure. Even worse, when they work away from home (such as at a local café) they may even use public Wi-Fi networks to work, potentially exposing sensitive data to hackers.
- Engaging in non-work activities. Particularly in BYOD environments, employees are going to use their computers and mobile devices for non-work activities such as playing games or using apps that require different levels of access, opening up the possibility of malware or hacking.
- IoT devices. Internet of Things security is a major concern these days, with most connected devices lacking strong security. Employees working from home may be unaware of these risks, and unknowingly put your company networks in peril.
- Lack of physical security. Often, people working from home don’t follow the same level of security as an office. They may leave their computers unattended, fail to follow password protocols, leave offices and filing cabinets unlocked, or fail to follow other basic security protocols, creating risk.
In short, remote workers are often not held to the same security standards as those employees working on-site, meaning that you need to develop strict policies and procedures to maintain security while still giving your workers the flexibility that they desire.
Telecommuting Security Policies
The best way to strike a balance between security and flexibility is to develop a comprehensive security policy for those employees working away from the office. Unfortunately, many companies either have a very old security policy that doesn’t cover current threats, or they don’t have a policy at all. For that reason, it’s worth looking at telecommuting policies on an annual basis (at minimum) and addressing the following issues.
- While BYOD might be a popular option, it does create security risks. For full-time employees who will be working outside of the office, most experts recommend supplying hardware. That way, companies can define acceptable use, as well as better manage security protocols such as updates and patches.
- Antivirus protection. A security policy should also address the antivirus protection standards for employee machines. Again, providing equipment allows you to control the installation and updating of antivirus software, but if that isn’t an option, providing guidelines and access to tools like a free virus scan can help protect against threats.
- Establishing Virtual Private Networks helps you have more control over how your employees access your network. Not only does a VPN keep hackers out, you can also encrypt data and restrict what your employees can access.
- There are plenty of applications that allow your employees to collaborate, share and send information and data, and save files. Unfortunately, not all are created equal — and not all are secure. Your policy should address which tools and applications are acceptable, and which are prohibited.
- Physical security. While you cannot control what employees do in their homes, you can require that work devices be password protected, have two-factor authentication in place, and enforce acceptable-use policies to protect the physical security of devices.
- A disaster plan. What should employees do when things go wrong? Your policy should tell them what to do and who to call if they suspect a security issue.
An effective telecommuting security policy can mean the difference between a safe and secure remote work environment, and a costly data breach. By educating your employees about the risks and providing rules and guidelines for working securely, you can feel more comfortable letting employees work from home.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.