
Remote & Mobile Working: Security Procedures for Out of Office

by Giulia Foss | Jan 04, 2018


All large professional services organisations have considered remote working for their teams. You might be a large law firm offering one day a week working from home, or a finance house with a client-facing team that’s on the move. Maybe you’re an HR Director who’s noticed how few people are in the office at any one time. Rather than maintaining a desk each, couldn’t you reduce office costs by downsizing to hot-desking and remote working? There’s even talk that Brexit will increase the likelihood of satellite offices in the UK, where the team accesses information from offices elsewhere in the continent.

As well as being helpful to your business, remote and mobile working is also desirable to many employees. As Ben Marrin, the Director of Wow Event Hire explains, "remote working is now one of the most sought after workplace benefits. It allows for increased flexibility, which is especially great for parents who need to juggle their child's school schedules around their working hours."

So, mobile or remote working is desirable and possible. But in the excitement of remote working being technically possible, the security implications of being outside the real and fire walls of the office can get missed. It needs to be on your radar because it exposes new risks that need to be managed. It’s not just online and in the ether, but in real life also. Leaving your laptop in the coffee shop or on the train is more likely to happen when your workers, the data and their hardware are mobile.

Organisations need to adopt sound remote access practices and encourage workers to think about the technical and non-technical security issues that being out of the office presents. Through education and guidelines, corporates can help their workers manage the risk of a breach and mitigate the impact.

In their piece on 'Overcoming challenges and making the most of opportunities ahead', Morgan Lovell says: "The increasingly mobile workforce can be perceived to pose a greater challenge to data privacy and protection of an organisation’s intellectual property. Therefore, the risk to corporate assets must be mitigated through effective risk management.

"The digital marketplace is responding to this by offering thin-client technology solutions such as Citrix™, VDI™, iSpace™ etc. that extend security policies to the entire user group rather than just those in the office. With these solutions, data and applications remain under IT control so that centralised management can make policy enforcement, regulatory compliance and other measures far simpler and effective. Storing data to removable media, printing and sharing can all be prevented, and even data delivered for offline use to the local desktop remains encrypted at all times."

Users can be educated on some of the non-technical risks:

Over-hearing and open screens

Remote workers need to be aware of their surroundings; who is around or behind them? Coffee shops aren’t just full of stay-at-home mothers. These days they’re just as likely to be full of remote workers. Maybe even your competitors. Being overheard or having your screen watched can compromise sensitive information like authentication credentials, so use privacy filters on your screen.

Unattended laptops

It might be tempting, but never leave your computer without locking it. In fact, don’t leave your computer at all; especially not on the train. An unattended laptop can be vulnerable to tampering, where the security controls are subverted with malicious software or hardware. All the user activity on the device can then be monitored.

The organisation should also establish secure remote access and mobile working practices. This can involve:

  • Reviewing the corporate incident management plans to include mobile devices and activity.
  • Implementing technical processes to remotely disable a device or deny it access to the corporate network.
  • Protecting data in transit with a VPN or HTTPS and protecting the data at rest through laptop encryption. This should be done before the hardware leaves the office.
  • Understanding data classification and handling procedures. Outline what constitutes sensitive data and the type of information that can leave the office. Ask users to minimise the information they store. Then outline the vulnerabilities of public wi-fi and help users to identify legitimate wi-fi connections.
  • Ensuring all home peripherals are qualified with the office.

Whether saving on the cost of space, getting the work done when the team is travelling or just offering flexibility as a perk, over 4m UK workers work remotely [1] and that figure has been rising since 1998. Most of those workers will be accessing information from the office and carrying around data on mobile devices. If they’re in your organisation, it’s time to get your remote working security practices in order.


National Cyber Security Centre

Morgan Lovell Technology Checklist

How To Stay Secure When Working Remotely 