With telecommuting on the rise and even normal employees constantly on the move in an increasingly mobile world, working from remote locations is now commonplace. Many employees, in fact, now rarely work out of conventional offices.
Employees log in to the company server from the privacy of their homes, from airports, hotels, and other locations to get their work done. While this increases productivity manifold and opens up a world of possibilities, it also brings with it serious security issues.
The biggest danger posed is the infiltration of malware. This threat arises as the system which the remote employee uses may not be very secure.
Home computers rarely have the firewalls, data encryption or virus scanners usually found in the office systems. The case of mobile devices such as tablets and smartphones are even worse when it comes to security.
Cyber criminals looking to eke out company secrets can very easily slip in Trojans through such infected systems. Once inside, the malware may open up a port to its command and control server and siphon off data. The malware could also tamper with permissions and gain administrator access to the company server, putting the entire organization at risk.
The solution is to enforce a strong policy for remote working. The policy could whitelist devices authorized to connect to the company server and specify the antivirus suites required in a system used to access the corporate server.
However, antivirus alone cannot stop malware. There is also a pressing need to educate the remote worker about good hygiene that would pre-empt the chances of malware infiltration.
Some hygiene points:
Remote workers use laptops, tablets, USB drivers, memory cards, smartphones and other mobile devices and often store sensitive data in it. These devices have a real chance of being stolen.
The solution to pre-empt the damage that may accrue if the stolen device reaches the wrong hands is to install whole-disk encryption software. Encrypted data is useless to any person who does not have the key to decode the same.
Another option is to ensure that the mobile device has remote wipe features which allow the user to erase the entire data residing on it, in the eventuality of theft.
Simply deleting data will not make it go away. It remains in the hard disk and even an amateur hacker can retrieve it. To eradicate the data from the hard disk completely, it is necessary to overwrite the data. Hard-drive wiping software makes the task of scrounging data out of the hard disk easy.
Apart from the risks related to the device, the network is also a big threat. When remote workers connect from public wi-fi nothing prevents a determined snooper from intercepting the traffic. The solution is to encrypt the traffic by deploying virtual private network (VPN) software.
Apart from such protective mechanisms, there is also a need to change the basic approach of information flow. Usually all company data is freely available, unless classified. When remote workers are on hand, it is imperative to restrict sensitive information on a ‘need to know basis’.