5 Elements of Secure Work at Home Programs
May 16, 2017 No CommentsThe practice of allowing employees to work from home has skyrocketed in recent years. This model allows employees to be more productive and gives companies access to a wider pool of talent and lower overhead costs. With these strong drivers pushing the trend, more than 50 percent of the workforce is expected to work remotely by 2020, according to Fast Company.
To properly embrace this shift, organizations find themselves asking new security management questions. With less access to employees and their endpoint devices, security becomes more difficult and the way IT teams approach security needs to adapt. Here are four key elements that are essentially table stakes for any organization that wants to ensure secure work from home programs.
1. Understand that not all workers are alike
Cybersecurity and data breaches are an increasing concern across industries, and the practice of remote working only serves to heighten the threat by widening the data access footprint.
In order to combat this challenge, IT organizations should double down in user controls. It’s important to remember that not everyone needs access to the exact same information, applications and computing functions. In fact, a one size fits all approach to security controls creates massive risk.
Instead, identify what functions and features each user group needs access too and limit anything else. For instance, a third party contractor likely doesn’t need the ability to print information from your database. Ensure all remote employees or contractors are working within an environment you can control (like a company-issued virtual desktop) and implement the appropriate security controls based on user group and use case.
2. Ensure IT can keep devices updated and secure
Many remote working programs employ a “bring your own device” (BYOD) model, and for good reason. BYOD allows organizations to further cut overhead costs, get out of the endpoint provisioning business and stop worrying about getting a laptop back when the worker’s employment is done.
However, without proper planning this can mean that you are relying on how well individual remote employees take care of their devices – which includes critical security components like antimalware, antivirus, updated operating systems and installing security patches.
To ensure security is always kept up to date, it’s imperative that in-house IT has an easy way to access and update remote endpoints and a regular plan and schedule for doing so. This is best accomplished if IT can manage all devices through a single pane of glass, minimizing the individual desktops they need to remotely manage.
3. Keep data off the end point
Device loss and theft are big enough concerns with in-house employees (especially ones who travel for business), but the concern amplifies for workers who are 100 percent remote and may be using their own personal device.
With remote workers, you have no control over the safety of their home or their work habits (where they work from, if they leave their computer logged in and unattended while working at a coffee shop, etc.). With BYOD situations, employees will most likely also being using their device for personal use, exposing your corporate data to potentially dangerous incidents (like computer viruses) or accidental exposure, such as adding a work file as an email attachment instead of a personal file.
If there’s any chance that an employee may use their device for both work and personal use, keep corporate data and applications isolated to minimize the risk.
4. Maintain the ability to cut off access
Whether remote workers and contactors use their own devices or your company mails work at home employees a company-provisioned laptop, you need to ensure that those workers don’t have access to your corporate data after their employment is done.
Ensure an immediate action plan is in place to revoke access to any applications as soon as a contract of employment comes to an end. This should include how you’re going to lockdown access to any information saved to the desktop. This is another reason desktop isolation and ensuing remote workers work within a virtual desktop is important.
5. Be Prepared for the Change
When it comes to corporate security, protecting data is one of the top priorities. As work from home programs continue to gain popularity, organizations that embrace remote workers need to carefully think about what this workforce shift means for security and what new procedures and solutions need to be implemented to ensure remote working doesn’t equate unsecure working.
There are many other best practices, but companies that aren’t addressing the above four elements at a bare minimum are failing to plug some of the largest holes and will likely find that remote working is drastically increasing their security risk.
Brady Ranum
Brady Ranum is VP of Products and Strategy at Dizzion, a cloud delivered desktop and end user computing solutions provider. Having spent more than two decades in the IT infrastructure technology industry, Brady excels in designing colocation and customized managed infrastructures, and delivering high performance, highly available cloud deployments, custom networks, storage and compliant environments.