How businesses function has changed, and in many cases, in a permanent way. It’s not just how customers consume, but how employees work. According to Kate Lister (president of Global Workplace Analytics), nearly 70% of the workforce will work remotely at least 5 days a week by the year 2025.
Think about that: almost 3 quarters of the workforce working from home almost the whole week in a not-so-far-off future. And although most businesses have been given a clear preview of what work-from-home looks like, there’s a difference between it being temporary and permanent. Along with that permanence comes hurdles to surmount, none of which are more pressing than those of a security nature.
That’s right, with a workforce doing their jobs remotely, companies everywhere are going to have to revisit how they think about security. Why? Let me count the ways. You might be surprised at how many issues you’ll have to either deal with or haven’t considered. Either way, you might have a lot of work ahead of you, to ensure your staff, the data they work with, and your company are secure.
Let’s dig in and discover those challenges.
Because those employees will no longer function within the security blanket of your LAN, you’re going to have to consider what is considered an acceptable network service for them to use. Most consumer-grade network devices don’t offer the higher levels of security (nor the configuration options) found in enterprise-grade equipment.
What does that mean for your business and the staff who’ll be working from home? It could mean the data they use isn’t nearly as safe as it would be if they were within the company LAN.
That doesn’t mean you should automatically jump to foregone conclusions. Some consumer-grade networks are quite secure. After all, it’s in the best interests of ISPs to keep their customers safe. But always erring on the side of caution should be your approach.
To that end, you might have to supplement the security of your work-from-home staff with added hardware (such as a more secure wireless router).
Chances are pretty good your staff works with data. You certainly don’t want that data falling into the hands of those who would use it for nefarious purposes. And considering that data could include sensitive customer information, it’s imperative that your employees take care of it.
For that, you might insist your work-from-home staff make use of VPNs (such as NordVPN), anonymizers (such as Tor), and encryption. You could even go so far as to insist all browsers use DNS-over-HTTPS to encrypt all DNS queries. Such tools would help to eliminate data theft from those working from home. Would it completely eradicate it? No. But viewing encrypted data is far more challenging than reading that which isn’t.
The biggest challenge here is training your staff. Encryption isn’t always an easy subject to grasp, and many end-users struggle with getting it right. On top of that, there are many different tools that make encryption possible, all of which go about the process in a different way. That means your company will need to decide upon technology and train the staff on how it’s used. The results, however, will be more secure data storage and transmission.
This one is big. When you’re dealing with in-house staff, your IT department can create policies that run automatic software updates, so end users aren’t working with outdated operating systems or software. The last thing you want is employees working with browsers that contain security vulnerabilities that could easily be patched with an update.
So what do you do about updating software on systems your IT staff have no control over? It’s not like you can apply company policies to those home-based machines. You can, however, supply employees with computers that have been configured for auto-updates. As well, you can have your work-from-home staff sign agreements that detail the requirements of keeping their software up-to-date.
Although this might sound like a minimal risk, it isn’t. It’s one of the biggest issues you might face with work-from-home employees. Outdated data software is dangerous. Every operating system and the software used should be updated regularly (daily, if possible).
Use 2FA whenever possible
Your user will be logging in and out of systems and accounts all day. If they are using traditional username/password authentication, it’s just a matter of time before their accounts are hacked. Considering how busy (and successful) hackers have become, your business must begin the process of adding Two-Factor Authentication (2FA) into your systems. With the added authentication step, hackers will have a considerably harder time gaining access to user accounts.
Once you’ve added this step for user authentication, you must make it a requirement. Don’t give staff the option of using 2FA, because they very likely won’t.
Beyond company system authentication, you should also encourage work-from-home employees to make use of 2FA for all other accounts, especially for social media, banking, cloud, and any other accounts that house sensitive information. Think about it this way: If a hacker were to gain the upper hand over an employee, there’s no telling how they could leverage that position against your company.
Keep the lines of communication open
Finally, you need to ensure all of those involved have the means to easily communicate with one another. Your IT staff should have a Slack workspace (or use another service), where end users can very quickly communicate with them should a problem arise. This is especially true when it comes to security concerns. You don’t want an employee left with a dangling security issue. Should that go unaddressed for long, it could turn into something serious.
You might now be thinking the task of securing your work-from-home staff is far more challenging than you originally considered. In some respects it is. But having a happy staff will lead to greater productivity. And given that some people are happier working from home, the added work will pay off.
Take these issues seriously and implement everything necessary to ensure the security of your employees, the data they use, and your company.