Editor’s Note: In response to the coronavirus crisis gripping the world, TechGenix is republishing a selection of recent articles, tutorials, and product reviews that contain relevant information for IT pros as their jobs change dramatically. In this article, originally published Aug. 30, 2019, for the long Labor Day weekend in the U.S., we look at something on the minds of every IT admin and CIO right now — how to maintain network security when shifting to remote workers.
It’s the long Labor Day weekend in the U.S., a good time to reflect not only on how employees do their jobs but where employees do their jobs. Allowing your employees to work from home, trains, airports, coffee shops, or anywhere there is an Internet connection can increase worker productivity and cut your business overhead. However, telecommuting also comes with substantial risks. Many companies don’t mitigate against these telecommuting technology risks enough — if at all. Yet, you cannot control the risks of remote working if you don’t acknowledge their existence in the first place. We take a look at the key telecommuting technology risks organizations face.
Not all WiFi is created equal. Telecommuting employees could connect to a neighbor’s WiFi, a condo complex’s WiFi, or restaurant WiFi. Some remote workers will even go as far as indiscriminately connecting to the first unsecured wireless network they come across when they pop open their laptop. This is dangerous behavior for several reasons.
First, communication can be intercepted on unsecured WiFi networks. Second, hackers may set up a hotspot with a misleading name that unsuspecting persons nearby would connect to thinking they are working with the real thing. Third, using an unsecured connection could potentially be illegal for organizations in certain industries or jurisdictions.
It’s a relatively common occurrence. An employee takes his or her work-issued laptop home for the evening or over the weekend to complete an urgent task. At some point, their partner, child, or roommate, asks to use the laptop to browse the web. What the friend or relative do on the laptop isn’t always something that will happen with the employee’s knowledge or approval.
That person could very well be plugging in a compromised USB drive, visiting websites infected with malware, or downloading applications that compromise the laptop’s security. Everything from games and instant messaging applications to photo-editing software and Microsoft Office macros may seem harmless, but they could provide a doorway for an attacker to gain access to not just to the affected computer but infiltrate the company network.
Software piracy has bedeviled technology companies for years. And while tech giants like Microsoft seemed to turn a blind eye to such piracy in the past, they are now more aggressive in enforcing their intellectual property rights. The use of pirated, outdated, or improperly licensed software can, therefore, result in costly litigation and penalties for the offending organization.
Telecommuting employees, away from their supervisor’s and IT department’s line of sight, may choose to install illegal software on their device. Often, the worker does this for well-meaning reasons such as acquiring a tool that will make their work easier. Unfortunately, even if the employee installed the illegal application without management’s approval, the software developer could hold the device owner — in this case, the employer — liable.
The average laptop has storage in the hundreds of gigabytes. Think about the enormous amount of data that you could save to such memory. If a criminal stole a business laptop, they could gain access to plenty of sensitive business information. In fact, several recent data breaches can be traced to lost or stolen laptops. As an IT pro, if training your employees in laptop security and laptop encryption is not high on your bucket list, it should be.
Employees who travel a lot may sometimes go for days without connecting to the company’s network. This may cause their devices to miss out on patches needed to keep them secure from the latest vulnerabilities. If they are off the company’s network but still use the laptop to browse the web, there’s a risk of their computer being infiltrated by malware.
These telecommuting technology risks are present for work-issued devices but are much greater in bring your own device (BYOD) configurations. Remember that security is only as effective as the weakest link. If one infected device finds its way onto the network, it could render the defensive effort of updating all other devices futile.
A BYOD policy allows employees to connect to the company’s network with a personal device. However, this policy cannot be no-holds-barred. The IT team would usually clear the device for compliance with security policies. If an employee connects to the company’s network via an unauthorized gadget, they are exposing their employer’s technology assets to the malware and vulnerabilities that are present on their device.
The people you live with or who regularly visit you are likely some of your closest relatives and friends. These are individuals who you probably trust more than anyone else. So it’s not unusual for employees working from home to let down their guard when adhering to essential security procedures.
Something as simple as locking or logging out of their laptop or business applications when they step away could inadvertently give access to an ill-intentioned person in the vicinity. The individual could initiate a transaction, extract sensitive information, or delete data.
One often neglected aspect of working from home is safety. An office complex has elaborate safety procedures that ensure employee, customer, and equipment safety. Likewise, businesses must put in place appropriate measures in the physical environment the employee uses the most for telecommuting. Remember that as long as the person is working from home with their employer’s approval, an injury they experience during their work could qualify for compensation.
It’s therefore in the employer’s best interest to make a reasonable effort in ensuring the worker understands and applies safety best practices. Ideally, have them run a home safety survey that checks for smoke detectors, fire extinguishers, proper ventilation, adequate lighting, well-insulated power cords, and a sufficient insurance cover.
As the structure of the modern enterprise continues to evolve and more organizations allow their employees to work remotely, the IT department’s ability to protect and support the telecommuting environment must change accordingly.
Businesses must develop a robust remote working policy that adequately mitigates against potential technology risks. Companies should train all employees on their role in protecting the company’s hardware, software, and data assets on-premises and remotely. Telecommuting technology risks in the remote worker’s environment are a technology risk for the entire business. The key is in making sure that the telecommuter’s work environment adheres to the same security standards as that of the office.
Featured image: Shutterstock
Microsoft Build 2020 included several announcements aimed at developers and the IT community. Here are…
Using Azure Active Directory Identity Protection will boost your security. This step-by-step guide shows you…
COVID-19 is not going away anytime soon, and as Microsoft researchers have discovered, neither are…
In this first of several articles on Ansible, we give you a high-level overview of…