Flexible working and its impacts on business security
Without thorough security considerations, mobile employees and teleworkers can open a business up to cybercriminals and data theft.
Senator Stephen Conroy recently unveiled the Digital Economy Strategy along with Government goals to double the number of Australian teleworkers by 2020. The roll out of the National Broadband Network is expected to bolster the teleworking rate from six percent to 12 percent over the next nine years. There is no doubt that the opportunity to log on from home will appeal to employees looking for more flexible working arrangements. However, the challenge for SMBs will come from enabling teleworking while ensuring that confidential business data remains secure once it leaves the business network.
The benefits of teleworking
Teleworking is taking off globally with 10 percent of employees working remotely at least one day a month in the USA and eight European Union countries reporting that more than 10 percent of staff work remotely at least a quarter of the time. However, IDC found that the largest number of mobile workers is found in the Asia Pacific region, and we can expect this trend to continue with the roll out of the NBN in Australia.
Teleworking can be beneficial both for employees and for businesses. By connecting staff from home, employers can make staff more productive by enabling them to get their work done from wherever they are based. Additionally, they can access a larger pool of employees outside of city borders, opening them up to new talent. Remote working can also help secure quality staff by offering flexible work conditions. Enabling mobile working can also reduce office space requirements and potentially reduce levels of absenteeism. When it comes to employees, the key benefits of telecommuting are reduced travel time and the work-life balance that many people strive for.
Security and Productivity Issues
Despite the numerous benefits, employees accessing the internet outside of the company network or virtual private network (VPN) can be more susceptible to security risks. Remote workers will often look to access information from their personal computers, laptops or tablets. If these devices do not have business quality security software installed, it becomes much easier for opportunistic hackers to access corporate data. Additionally, the use of unsecured networking environments can increase security risks. Home networks are not set up with the protection of business data in mind. Equally, public access Wi-Fi hotspots can have lax security settings, enabling cybercriminals to electronically ‘eavesdrop’ on usernames and passwords.
Without adequate security measures in place remote working can leave businesses vulnerable to cybercrime. This is especially worrying given that SMB organisations are already the most common victims of malicious and highly targeted forms of cybercrime, known as targeted attacks. Given the sheer volume of high profile security breaches that have made headlines over recent months, it is imperative that these security concerns are addressed before SMBs encourage teleworking.
It is inherently challenging for SMBs to manage the activity of remote workers and the devices they use. Typically, teleworkers are not connected to the corporate network, making it difficult to ensure that security and acceptable usage policies are applied. Therefore, businesses cannot easily maintain endpoint protection on devices used by remote workers or accurately scan for infections. Nor can they continuously secure all of the websites employees visit, the URLs they click on, the emails and IMs they receive and send, or the files and downloads they activate.
Additionally, Symantec.cloud research demonstrates that employees use work laptops differently when they are outside the office, with 35 percent of remote workers triggering more breaches of security and acceptable usage policies. Given that teleworkers have a higher risk profile than office based employees it is vital that security solutions offer strong protection for this group.
With calls to increase teleworking levels, SMBs need to recognise these security issues and select technologies that make working from home not just viable, but safe. This is why a growing number of SMBs are calling on experts who can manage security for remote workers via cloud based solutions. A cloud security service enables security threats to be identified and blocked before they enter the organisation – irrespective of where the user is based.
However, not all cloud security services are alike, and SMBs should look for offerings that are specifically designed to support mobile workers. Some solutions offer very basic protection for teleworkers while others include comprehensive protection such as automatic protection for workers logging onto Wi-Fi hotspots. When choosing a cloud provider be prepared with questions around their level of protection for teleworkers and ask for case studies that demonstrate how effectively they have supported businesses with remote workers in the past.
Additionally SMBs need to research the cloud provider’s track record in providing comprehensive protection. It is worth looking at the provider’s service level agreements (SLA) to ensure that the solution meets your requirements. Additionally, look for providers who measure and publish their SLA results, demonstrating that high service standards are delivered and that financial penalties are in place should the provider not perform.
Another key differentiator between cloud security providers is the extent of their intelligence network. Consider a provider with a comprehensive global network which provides updates and security patches in real time as threats are identified. The best intelligence networks incorporate security operation centres which are online 24/7 in addition to consistent threat reports from deployed solutions.
Finally, it is worth remembering that prevention is better than cure. Educating employees about the security issues involved in teleworking can go a long way toward reducing risks. Some tips include:
- Employ strong passwords – Maintaining strong passwords will help employees protect the data stored on a laptop or mobile device if it is lost when working away from the office. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols. Have employees change their passwords on a regular basis.
- Avoid opening unexpected messages from unknown senders – Emails, social networking messages and text messages can be used to spread malware, phishing scams and other threats. Remind employees to use caution when opening unsolicited messages.
- Click with caution – Social networking on mobile devices and laptops needs to be conducted with care. Employees should not open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the business information on it.
- Employees should be aware of their surroundings when accessing sensitive information – Teleworking enables employees to set up office at any location with an internet connection, but this can expose sensitive data to prying eyes. Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
Trends in both business and technology sectors are increasingly making teleworking a reality. If the government achieves its goals, the issue of remote working is set to impact a growing number of SMBs over the next few years.
While enabling teleworking should be encouraged, businesses need to be aware of the security risks involved and find a way to tackle these. By implementing a cloud solution for SMBs, IT experts can more easily manage security for remote workers. Trusted IT partners will be able to advise SMBs on cloud solutions that will facilitate teleworking while intelligently managing security issues.