Remote work has been commonplace in the global business environment for years now, and its prevalence only continues to rise. A study by serviced office provider IWG indicates that as many as 70 percent of global employees work remotely at least once per week, and freelance services coordinator Upwork reports that 53 percent of companies are utilizing flexible labor—including geographically distributed teams—on a regular basis.1 In this climate, where remote labor is not only acknowledged but expected as necessary for assembling a talented team, all companies must pay close attention to data security for workers outside of their own office location.
Remote worker security best practices can take a number of forms, from strategic decisions regarding what software the organization uses to employee education and careful management of digital permissions. Below, read about some key ways in which your company can be sure to protect its digital assets while accommodating the needs of a 21st century workforce.
Teach Best Practices for Wi-Fi Use
Working with distributed teams does not just mean that you are in for minimal face-to-face interaction with workers outside of your central office location. It means that you have little control over where they are actually physically located when completing their work. If you are not careful, this could lead to a situation in which your organization’s sensitive data is exposed to unwanted access via an unsecured wi-fi network in a coffee shop, library, or other public space.
Proper education of your remote workforce in best practices for working on various kinds of wi-fi networks can go a long way toward preventing security crises in the future. Discouraging work on public networks in general is probably a good idea, as is teaching remote employees how to identify common types of attack like public network spoofing, wi-fi phishing, and others.2
And setting up a virtual private network (VPN) for employees to log onto when they work with sensitive materials is another smart way of safeguarding against security issues that may arise when employees work from a remote location.3
Minimize Touch Points
There are an incredible number of products on the market today that are designed to meet the needs of a remote workforce, from group messaging apps to document-sharing interfaces to video conferencing solutions. While it may be tempting to try to integrate every hot new product into your company’s workflow, doing so may create unnecessary security headaches, particularly when your organization uses a remote workforce.
Minimizing the number of third-party touch points your remote employees encounter on a day-to-day basis makes it much easier to coordinate security settings centrally.4 Doing so will allow you to develop a more sophisticated understanding of the peculiarities of each product and to build a robust set of internal best practices for managing them. Try not to exceed more than one product for each individual use, or see if individual products can serve more than one function (text chat and video conferencing together, for instance).
Invest in Endpoint Security
Another proactive step you can take as an organization to promote a culture of data security among your distributed teams is to invest in local security resources to be installed and utilized on your remote workers’ own devices. These can include not only VPNs, but malware scanners, anti-virus software, network firewalls, and more.2 These endpoint security measures can help protect against any lapses in judgement your remote employees may have regarding public networks or suspicious email content.
It is important to keep in mind that endpoint security is not a one-time investment of money and labor. It requires constant maintenance to keep your systems current with the latest security patches and updates. A 2018 survey indicates that the average amount of time it takes an organization to patch an endpoint security vulnerability is 102 days;5 try to beat this benchmark by a significant extent if you want your company’s data to remain as safe as it possibly can.
Control Server Access for Offsite Developers
While all companies that utilize distributed teams must take specific measures to ensure data security, these can be even more complex for companies that either develop software or manage web-facing assets in-house. Remote developers, whether full-time employees of your organization or freelance workers, should have their access to your servers carefully managed to minimize the chance that a potentially damaging mistake could delete or alter critical files.
Root access, the highest level of administrative access that one can have to your server, should be restricted to on-site employees only, and all employees who access the server remotely should do so through secure shell (SSH) connections.6 Another measure that can be taken to bolster security among off-site developers is the utilization of a secure file transfer protocol (FTP), carefully managed by network administrators, to safeguard access to your server and create a log of transfers that can help quickly expose any breaches.
Keep Honing Your Policy
In a way, the most important step you can take to ensure your company’s security with remote workers is to remain diligent. The cybersecurity landscape is constantly shifting, and the most successful security policies will be responsive to its changing dynamics.7 Try to stay as up to date as you can regarding recent security incidents at other companies and promptly apply any patches and updates that your own software may require in light of them.
Similarly, you should maintain constant communication with your own remote workforce not only to ensure they are remaining compliant with your cybersecurity policies as they are currently constructed, but also to get a sense of whether their preferences or needs might require some accommodation on the company’s end. The most successful security efforts are ones that have the buy-in of everyone in the organization, wherever they may be located.
Learn Best Practices for Business in the 21st Century at SCU
Located in the heart of Silicon Valley the Leavey School of Business at Santa Clara University is perfectly positioned to offer a leading-edge Online MBA program one that trains tomorrow’s leaders in the intricacies of managing a contemporary digital workforce.
Learn more about the highly customizable Online MBA curriculum—featuring three optional online concentrations, three additional concentrations that can be completed by taking on-campus courses, and numerous focused elective courses—and hear from the network of business innovators you could join with a degree from SCU.
1. Retrieved on August 26, 2019, from tecla.io/blog/2019-remote-it-workers-stats-companies-should-know/
2. Retrieved on August 26, 2019, from inc.com/neill-feather/how-to-protect-your-remote-employees-from-cyber-threats.html
3. Retrieved on August 26, 2019, from dsm.net/it-solutions-blog/how-to-secure-data-among-remote-workers
4. Retrieved on August 26, 2019, from techrepublic.com/article/managing-a-distributed-workforce-how-to-maintain-cybersecurity-when-everyone-works-remotely
5. Retrieved on August 26, 2019, from cdn2.hubspot.net/hubfs/468115/whitepapers/state-of-endpoint-security-2018.pdf
6. Retrieved on August 26, 2019, from upwork.com/hiring/development/secure-collaboration-remote-developers
7. Retrieved on August 26, 2019, from forbes.com/sites/forbestechcouncil/2019/05/01/how-to-employ-a-secure-remote-workforce