Securing business data

News Article

Remote & Mobile Working: Security Procedures for Out of Office

by Paul Rose | 27 Apr 2018

shutterstock_515158942

All large professional services organisations have considered remote working for their teams. You might be a large law firm offering one day a week working from home, or a finance house with a client-facing team that’s on the move. Maybe you’re an HR Director who’s noticed how few people are in the office at any one time. Rather than maintaining a desk each, couldn’t you reduce office costs by downsizing to hot-desking and remote working? There’s even talk that Brexit will increase the likelihood of satellite offices in the UK, where the team accesses information from offices elsewhere in the continent.

So mobile or remote working is desirable and possible. But in the excitement of remote working being technically possible, the security implications of being outside the real and fire walls of the office can get missed. It needs to be on your radar because it exposes new risks that need to be managed. It’s not just online and in the ether, but in real life also. Leaving your laptop in the coffee shop or on the train is more likely to happen when your workers, the data and their hardware are mobile.

James Mawson from DXM Tech Support says: "The worst security problems that tend to arise with remote workers, usually happen because the business has no formal written security policies and procedures whatsoever. For both small businesses and for those experiencing rapid growth, it can be all too easy to just leave everyone to figure out security as they go. This means something disastrous has to happen before the situation is properly attended to. 

"As an example, one thing you have very little control over with remote workers is whether or not they use public wireless networks from time to time. For digital nomads, business travelers and freelancers whose home internet connection drops out, this might not be avoidable at all. This gives the bad guys an easy opportunity to eavesdrop usernames and passwords. This is why it's important to always use encrypted connections - having remote staff VPN into your server room is a very good idea."

Alberte Marie Jensen works with Ellyot, "a platform for discovering, comparing, booking and networking across coworking spaces all around the world". She says: "Security is indeed a hot topic among remote workers since being remote requires the use of so many different WiFis; and in that sense much more uncertainty than a closed internal network in a company office.

"The security issue is a limitation for companies to implement smart working, since in some cases the privacy and secrecy of data simply cannot be risked. At the same time, companies cannot avoid the trend of workers expecting the option of a flexible work schedule - the co-working sector has been growing at an average annual growth rate of 23% since 2010. This growth goes hand in hand with the fact that cities are growing and people are increasingly moving to urban areas - namely what will become smart cities. It is predicted that by 2050, 70% of the global populati on will be living in smart cities, and this of course calls for numerous changes.

"One of them will be the shift from using WiFi to exclusively using wireless networks (being 5G in the coming years) - and THIS will be the solution to the security issue that we are facing today, since, opposite to WiFi, data being sent via 5G is encrypted. Additionally, a 5G connection is incredibly fast and also the safest option in order to avoid hacker attacks. This shift will happen before 2030 (Forbes)."

Organisations need to adopt sound remote access practices and encourage workers to think about the technical and non-technical security issues that being out of the office presents. Through education and guidelines, corporates can help their workers manage the risk of a breach and mitigate the impact. 

Users can be educated on some of the non-technical risks:

Over-hearing and open screens

Remote workers need to be aware of their surroundings; who is around or behind them? Coffee shops aren’t just full of stay-at-home mothers. These days they’re just a likely to be full of remote workers. Maybe even your competitors. Being overheard or having your screen watched can compromise sensitive information like authentication credentials, so use privacy filters on your screen.

Unattended laptops.  

It might be tempting, but never leave your computer without locking it. In fact, don’t leave your computer at all; especially not on the train. An unattended laptop can be vulnerable to tampering, where the security controls are subverted with malicious software or hardware. All the user activity on the device can then be monitored.

The organisation should also establish secure remote access and mobile working practices. This can involve:

  • Reviewing the corporate incident management plans to include mobile devices and activity.
  • Implementing technical processes to remotely disable a device or deny it access to the corporate network.
  • Protecting data in transit with a VPN or HTTPS and protecting the data at rest through laptop encryption. This should be done before the hardware leaves the office.
  • Understand data classification and handling procedures. Outline what constitutes sensitive data and the type of information that can leave the office. Ask users to minimise the information they store. Then outline the vulnerabilities of public wi-fi and help users to identify legitimate wi-fi connections.
  • Ensure all home peripherals are qualified with the office.

Whether saving on the cost of space, getting the work done when the team is travelling or just offering flexibility as a perk, over 4m UK workers work remotely [1] and that figure has been rising since 1998.  Most of those workers will be accessing information from the office and carrying around data on mobile devices. If they’re in your organisation, it’s time to get your remote working security practices in order.

Resources

National Cyber Security Centre https://www.ncsc.gov.uk/guidance/10-steps-home-and-mobile-working




call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere