Flying in the face of workforce management trends, Yahoo and later IBM both banned remote working over the last few years. Both justified the unusual moves in the hope that spontaneous collaboration would outweigh any talent attrition that resulted from the bans.
Facebook and Apple, on the other hand, aren't against remote working. But they and many other companies, such as KPMG and Accenture, are investing heavily in offices that encourage collaborative working.
In comparison, remote workers don't need companies to invest in offices. Many studies show that allowing your team to work remotely part, or in some cases, most of the time increases productivity, reduces overheads, improves morale, and makes it possible for companies to select from a wider talent pool, much further away from office locations.
Several polls over the last few years indicate that remote working is only going to increase. Employees and employers want this. Citrix Systems expects that over 50% of U.S. workers will be remote within 3 years.
However, companies need to be aware that there are a few inherent risks with remote working. As we prepare for 2019, we need to prepare for remote working risks, especially with more employees than ever wanting the freedom to work away from the office more often.
Key Remote Working Risks (and how militate against them)
#1: Data theft
Public WiFi isn’t secure. An employee working from a coffee shop is not transmitting data over a secure network. Unfortunately, everything they're doing could be intercepted by a hacker in the same coffee shop, or even remotely. Think WikiLeaks or the Panama Papers: Would you want your companies sensitive data published online?
If we are thinking worst case scenario, that is what could happen.
With GDPR in force, the last thing your company needs is secure customer data stolen from an insecure connection in a Starbucks or WeWork.
To counter this risk: Make sure any employee working remotely logs in through a secure virtual private network (VPN). An encrypted connection is far more secure, with the option to encrypt emails and the transfer of files.
#2: Employee theft
Although everyone fears the crusading hacker or malicious cybercriminal, a greater risk comes from an unhappy employee. Someone who is willing to steal sensitive information for their own gain, such as a customer/client database. How can you prevent this?
What is to stop an employee from emailing corporate information to a personal email account?
To counter this threat: Encrypted digital audit trails. Make sure your IT and internet security teams know when anything sensitive is being accessed, with security layers depending on employee roles. Put an authorisation process in place to prevent anyone from accessing something they shouldn’t, with blocks in place to keep files within corporate IT systems and email accounts. This way, you can prevent sensitive files from going to personal email accounts and outside of the system.
#3: Zero trust approach
Accessing secure data through a VPN may not be possible all of the time. So when that isn’t possible, IT teams need to take the ‘zero trust’ approach. Employees might need to access files or emails in a hurry from a device that isn’t registered with the IT team. It doesn't necessarily mean this is a risk, but it could pose a threat. How do you prevent a cyber breach through an unexpected employee device?
To counter this threat: Verify the user. With two-factor authentication, you can ensure the person using the device is an employee, contractor or stakeholder with legitimate grounds to need access.
Next, have systems in place that can assess the device before access is granted. Are they running the latest operating system? If not, use automatic prompts to make sure they download it before they can access your systems. Asking an employee to download a VPN or security software too before corporate accounts are accessed would also reduce the risk of a cyber breach.
Raise awareness of risks and provide training
One of those most effective ways you can prevent a breach is to ensure that staff that work remotely understand the risks and know what best practice is. By educating employees and providing training to help them work safely, many risks can be averted.
Only once the policies and procedures in place can you be confident that when an employee accesses corporate systems that you’ve taken every reasonable step to safeguard sensitive data. Also to help you on this topic please read our article: '5 IT Strategies for Business Success'
If you would like to discuss how to get the benefits of remote working without exposing your organisation to cyber threats and other risks, please get in touch. You may also like to download a copy of our cloud usage and risk analysis: