The growth in digital tools and technologies means that entire businesses can operate without physically housing any staff on-site.
Flexible workforces can operate using remote internet connections combined with software that schedules and monitors work.
The business benefits of remote work
There are huge benefits to small businesses in adopting these remote work opportunities; primarily a reduction in fixed overheads.
Small businesses don’t need as much office space. They don’t need to heat, light and power large banks of desks.
And they can even adopt more flexible employment contracts for remote jobs, which are cost-effective for the business and responsive to need.
The context of security concerns
However, for every benefit that a remote workforce brings, there are also security risks.
Remote workers are, by definition, working away from the site. So however strong the on-site IT security may be at a small business premise, there is no guarantee that the remote worker has similar controls in place.
If a data hack occurs and customer data is compromised, the risk to the business can be huge:
1. Customers may need to be compensated.
2. There may be regulatory fines and investigations.
3. The reputational risk may be so great that the business can no longer exist at all.
Let’s investigate this in more detail.
Security concerns for remote workers
The main security concerns for small businesses and remote workforces are:
1. Use of public WiFi when trying to access company data and systems – for example, when employees are working at coffee shops, train stations, whilst travelling and so forth.
Public WiFi is now so ubiquitous that most public areas offer it – but without any safeguards.
Public WiFi simply isn’t secure and hacks are common.
Your employees might not even know about the breadth of snooping, spying and direct hacking attacks that frequently occur on these unprotected systems.
These include Man In The Middle (MIM) attacks, ‘rogue twin’ attacks (where a public WiFi network name looks to be legitimate, but is, in fact, a hacker network), AirCrack-NG tools which extract user passwords, passive sniffer tools which steal data, worms, fake apps… the list goes on!
2. An inability to enforce security practices for remote workers
3. The risk of physically losing company IT assets – A 2018 Imation Corp survey of 1,000 businesses found that a third of workers admitted they had lost a business asset when working remotely.
4. Passwords – in the same survey, 30pc of remote workers said that they didn’t use passwords to protect data.
5. The impossibility of managing remote worker practices.
For example, surveys have found that remote workers are less vigilant about security than they would be in an office, and do things such as open rogue attachments, use non-secure devices to access business data, lend company devices to friends and family and hack into their neighbour’s wireless internet networks.
There is also no guarantee that remote workers will take necessary safeguarding steps such as downloading the latest software updates.
How to protect against these risks
1. Use a VPN
A Virtual Private Network allows your remote workers to operate online safely and securely bypassing all data through a secure digital ‘tunnel’, by masking IP addresses by re-routing data to another server, by adding encryption and using other security technologies to further add layers of protection.
VPNs work by adding a piece of software to the user’s device – whether it’s a smartphone, tablet or desktop computer – so that every digital action is encoded and protected.
It’s as though the user was never even online – meaning that even the most sophisticated hackers, snoopers and eavesdroppers can’t access company data, passwords and assets.
We have the latest list of paid for and free VPNs, fully researched and rated so that you don’t have to do the legwork! Our recommended VPNs offer the security and safeguarding that your small business needs to be compliant and safe from attack.
2. Put strict policies in place
Remote workers must be managed in the same way as on-site staff. Ensure that they physically come in for IT security training and re-training on a regular basis if necessary.
Be clear about the security protocols and enforce them.
If staff are found to be in breach of those protocols, there must be clear consequences.
Bear in mind that your entire small business could be compromised if poor security practices lead to a data hack.
3. Separate devices, separate purposes
Ensure that staff are only using their work devices for work purposes.
Social networking and activities that use personal information must be carried out on personal devices.
4. Housekeeping
Schedule IT ‘housekeeping’ days for all remote staff and send them videos that explain how to do this – updating passwords, checking that software updates are complete and so forth. Provide an easy checklist and check that actions are completed with sound management.
5. The Cloud
Use secure cloud-services to run business software, so that data is doubly protected – first via the VPN and then in the cloud. Don’t allow things to be saved on a laptop hard-drive for example.
6. Project closures
When projects finish, encrypt client data, back it up securely and then erase it. Don’t store private client data on external devices unless it has been encrypted.
7. Invest in security software
There are some great software packages and tools on the market that provide firewalls, anti-virus applications, device encryption and web filtering software alongside your VPN service.
Invest in these, gaining the support of an IT security expert if necessary to make recommendations for your business.
8. Be vigilant
Remember that devices can also be physically swiped when remote workers are meeting clients in coffee shops, working in public spaces and so forth.
Regularly remind your workers to be vigilant and keep communicating on the subject of IT security and the responsibilities of every staff member.
By putting in place the right technology, management policies and practices and a culture of communication about IT security, you can better safeguard your business from hackers!