Cybersecurity in a Work-from-Home Culture
More people are telecommuting for work these days. In fact, as of 2017, 3.7 million people worked from home at least half the time—a 115% increase since 2005—according to FlexJobs and Global Workplace Analytics, “State of Telecommuting 2017.” The benefits of working from home are reaped by both the employee and employer.
Employees enjoy working from home as it reduces commuting time and allows them to more effectively meet the demands of work and life in their schedules. Companies benefit from the trend because it has resulted in increased productivity—two-thirds of managers say that telecommuting employees are more productive—and a more engaged workforce. Despite the many benefits of allowing employees to work remotely, this structure increases cybersecurity risks for organizations. In this blog, we’ll examine these risks and discuss a few methods of mitigating them.
Common Threats in a Work-from-Home Culture
A work-from-home culture creates a geographically dispersed network, with employees connecting to your system from wherever they are—at home, a coffee shop, hotel room, etc.—on different devices. Some of the most common risks facing your environment include:
Use of unauthorized devices. Your employees are using their personal cellphones, laptops, tablets, etc., to interact with your network. Not only does this prevent you from closely monitoring the use of the device and setting up necessary security features for your environment, it can also act as a welcome mat for threat actors into your network. This creates risks that can be mitigated by issuing your own assets. That way, you can monitor these devices—just as you would if they were in your office—through remote security protocols that can protect your data.
Unsecure networks. Even if you issue secure devices to your employees, your data can still be at risk if they connect to your environment via an unsecure network. If the company-issued device they’re using is connected to the same network as your employee’s cell phone, tablet, personal computer or any unsecured smart device, hackers can compromise a less-secured device and potentially move laterally from the compromised endpoint to gain access to your network. Especially vulnerable networks include public Wi-Fi at coffee shops, hotel lobbies, airports, and even at home.
Centralized document sharing. Platforms such as Office 365 or Google Drive make it easy to share workflow documents across multiple locations, but they also increase the risk of data escaping outside your organization. It’s more difficult to keep track of where the data lives and whether or not it leaves your organization.
Unintentional breaches. Employees working at home spend a great deal of their time around friends, family members, even strangers at the coffee shop, who are not always authorized to view your company’s data. The most common breach is low-tech; someone simply views confidential information over your employee’s shoulder. While they may not intentionally share data with someone outside of your organization, there are still ways for information to easily slip into the wrong hands. Make sure your employees understand the importance of protecting information by working in a secure location.
How to Protect Yourself and Your Company at Home
As mentioned, offering your employees the opportunity to work from home provides many benefits, and, as a result, there are no signs that the trend is slowing down. Work-from-home programs allow you to choose your employees from a wider talent pool, because employees value work from home as a benefit and relocation is no longer a factor. It may even allow you to reduce expenses, since you won’t have to pay for relocation or a larger office space when you hire. But, as always, with the good comes the bad.
Although hiring remote employees does entail additional security risks, the aforementioned threats can be neutralized by issuing secure devices and networking capabilities and educating workers about common cyber risks. A few tips to help protect your environment include:
- Keep in mind that threat actors recognize that work-from-home environments are easier to hack, and they may focus on telecommuting employees as a point of entry. Even if companies are using VPNs, this in itself would not stop someone from attacking a vulnerable network.
- Maintain a system of least privileged access. You should only allow your employees access to the bare minimum amount of data necessary to completing their work. Avoid providing work-at-home employees administrative access as much as possible.
- Implement basic security best practices, such as requiring the use of strong passwords that are updated frequently using encryption, limiting the information stored on remote laptops, etc.
Creating Work-from-Home Policies
If you’re just developing a work-from-home strategy, consider establishing a policy framework that supports cybersecurity. Here are some basic elements to think about.
Network Access Control (NAC). This tool essentially checks the client or connecting system for a certain level of security. If a laptop or other device doesn’t meet the minimum standards, it won’t be able to connect. These programs use end point unification to make sure an end point is trusted before it connects.
Written security policies. Clarify your employees’ security responsibilities in writing and spell out how they will be held accountable if they deviate from policy. Include HR in this process and educate employees about company-mandated cybersecurity policies.
Assume a breach will happen and prepare for it. In today’s high-risk cybersecurity climate, the question is not if but when your network will be breached. Adding work-from -home employees only increases that risk, so it’s smart to build in systems that monitor and protect critical data assets. The faster you recognize an intrusion, the better you can protect your data, your business, and your customers.
More companies are offering work-from-home accommodations to attract and retain quality talent, increase productivity, and reduce commuting time and environmental impact. Yet, while beneficial in many ways, telecommuting significantly increases cyber risks. You can manage these risks while still reaping all the benefits of work from home with strong security policies.