Remote working is a natural part of a mobile-first world. Clearly it has enormous potential, and benefits, for greater business agility and adaptability. It offers greater flexibility, too, for millions of employees.
“The greater penetration of technology into people’s personal lives, via devices they carry with them, provides more opportunities for hackers,” warns Lee. “For businesses, having employees working remotely, increases the potential points at which cyber criminals can infiltrate their systems.”
Wired magazine conducted some research in 2015, which revealed that hotel wi-fi routers could be vulnerable to hackers. They could gain access to data and distribute malware over these networks.
Conference wi-fi networks may be just as vulnerable. This raises security issues for businesses where the controls they may have for their own systems no longer apply.
“If you have employees working remotely, in public spaces, do you really know what protection they still have?”
“The greater flexibility your workforce now has may leave your IT systems, networks and devices exposed. Therefore, your cyber security policies must extend to remote working, and to raising awareness of the risks.”
Understanding the Risks
Different businesses have different remote working arrangements with their employees, some more formal than others.
However, the risks posed are common to all, and therefore certain procedures and guidance should apply regardless.
“The first thing is to keep mobile devices and laptops safe. They’re business assets, therefore keep them secure and in sight. Don’t leave them unattended.”
There are apps available to help manage remote devices, and improve chances of recovery.
“Sound password procedures are essential, just as they are in an office or other work environment. This means long passwords with multiple characters and two-stop authentication.”
There should be unique passwords for different logins and systems.
“Also, security protection of devices must be kept up to date, including things like anti-virus software and device encryption.”
“Obviously, it can become an issue if employees are using their own, personal devices for remote working, but nevertheless it should happen across the board.”
In addition to these basics, a business’s cyber-security policy should reiterate best practice for remote workers using electronic devices.
“Don’t use public wi-fi for any sensitive business-critical activities. It’s not always clear which networks are secure, so the best way to be sure is to restrict what you do on them.”
Similarly, employees should avoid logging onto public computers for work-related communications if they involve sensitive information.
“On remote devices when out and about, be discreet and aware as there are physical risks from snooping and eavesdropping. Look at it the same as if you were using a PIN number at a cash machine”
Plug-in devices such as USB sticks can pose a threat, as a source of malware. Don’t share information with people you are not completely familiar with, and use encrypted devices for sensitive information.
“Cyber security for remote working is as much about awareness-raising as it is to do with taking specific action,” concludes Lee.
For an accompanying read, please visit Remote Working: Is Connecting to Public Wi-fi Safe?