According to a 2014 study by the Society for Human Resource Management, more than 60 percent of companies allow employees to telecommute at least some of the time. Allowing employees to work from home (or any other location they choose) has been proven to benefit those companies that allow it, increasing employee satisfaction while simultaneously increasing productivity and employee retention rates.
However, for all of the good news about telecommuting, there is also some bad news. For all of attention that companies pay to security within the confines of the office, in the majority of cases, employees who telecommute aren’t held to the same security standards. Consider, for example, that one of the largest data breaches in recent memory, which exposed the personal details of thousands of VA patients, stemmed from the theft of an employee’s laptop from a parked car.
It’s not just physical theft that puts sensitive data at risk, though. Often, telecommuting employees connect to servers using unsecure networks, use unsecure devices (a growing problem in the BYOD environment), don’t follow password best practices, and engage in any number of other risky behaviors that put their employers’ data and networks at risk.
Upon learning about the risks that allowing employees to telecommute can create, many employers may be tempted to recall all employees back to the office and forbid working remotely. However, such a knee jerk reaction isn’t always the best one, and there are ways that you can support telecommuting while still keeping hackers out and data from falling into the wrong hands.
Virtual Private Networks
When employees access your network from any connection, they are opening up the possibility of hackers gaining access as well. Establishing virtual private networks (VPN) not only controls how employees access your servers, it also encrypts data and gives you more control over what employees can access on the network. With a VPN, you can channel traffic to certain areas, so that only employees who have a “need to know” clearance for specific data have access to it.
While BYOD is the hottest trend in IT these days, when employees telecommute, allowing them to use their own devices can open up a security can of worms. Employees who supply their own laptops, phones, and tablets feel — rightfully — that they can do whatever they want on them. So while they may use their computer for work Monday through Friday, on the weekends they shop online and download games and other applications that put the machine at risk for malware that can give hackers access to your company. By providing equipment, you can place stricter parameters on acceptable use, while also allowing you to ensure that all security tools and patches are up-to-date.
Invest in Secure Collaboration Tools
When it comes to telecommuting, many companies are still stuck in the 1990s, using outdated and inefficient technologies to allow for remote work. By investing in collaboration tools such as those available from KBZ, companies can enjoy the benefits of a productive workforce and the increased creativity and energy that comes from working remotely, while still ensuring the security of their business.
Companies that rely on old technology, or tools that aren’t necessarily designed for secure collaboration, are at a greater risk of a breach than those that put resources toward making their telecommuting program as secure and productive as possible.
The number of companies that do not have strict security policies for telecommuting employees is startling. It seems that many businesses simply trust their employees not to do anything that would leave the company open to attack. While the vast majority of employees would not deliberately put their employer at risk, the fact remains that most major data breaches occur due to employee mistakes such as poor password management or downloading malware.
With that in mind, a successful, secure, telecommuting program must rely heavily on strict policies regarding acceptable use, access, password management, and device protection. For example, requiring employees to lock their devices using passwords or biometric authentication can go a long way toward preventing unauthorized access should the device be lost or stolen.
Employees should also understand that if their equipment falls into the wrong hands, it will be remotely locked or wiped (yet another argument for company-supplied equipment and/or a strong mobile device management program). The consequences for not following policies need to be meaningful and consistent as well, with loss of telecommuting privileges or even possible termination for violations.
As the ability to work from anywhere becomes a determining factor for many job candidates, companies that wish to attract top talent must accept that telecommuting may become part of how their employees work. However, they cannot do so at the expense of security. Treat remote security with the same care as you do on-site protection, and avoid a costly breach.