It’s important to keep security in mind when working out of the office.
With mobile gadgets becoming increasingly commonplace, it's easier than ever for your workforce to access sensitive company information away from their desks. That's great for the productivity and efficiency of your workforce, but it's just as important to keep security in mind when working out of the office.
As your workforce becomes more mobile, training and education about the external security risks becomes more important. Whether it's a non-employee reading confidential company documents over your shoulder or a hacker getting hold of secure login data over public Wi-Fi, the risks are very real. With the proper policies in place you can manage security even down at the pub.
Using public Wi-Fi
Anything you transmit on a public Wi-Fi connection has the potential to be captured by someone monitoring the network. If you're using a web form to log in to your company server and it's not encrypted with SSL or an equivalent then your username and password quickly become public property.
Use SSL encryption to protect external logins like remote web access, web-based e-mail and calendars. You can run everything else through a secure VPN (virtual private network). Bear in mind though that a VPN connection only secures the traffic, not the user machine itself or the data once it's on an external device.
Company secrets and security information can easily be stolen by the wrong person looking over a shoulder, so discourage staff from working on secure documents in public.
Where possible, keep your staff on a thin client setup, with remote storage of the data. If the data is never actually stored on the mobile device you avoid duplication and greater risk of the laptop being stolen or penetrated.
Services like CloudPointe can be employed to manage full end-to-end security of your documents, allowing sharing, remote working and more without exposing your data to external threats.
There are various utilities to allow remote management of devices, and employing them is worthwhile. At the very least, if a laptop or smartphone with company credentials or information is lost or stolen then you need to be able to disable or remotely wipe the device. Make it part of your policy for corporately-owned devices to maintain these kinds of utilities.
Security and password management
Teaching users to manage their security better is one of the most important steps. Proper password use and maintenance, and tools like multi-factor authentication (i.e. remote token key fobs) are your first line of defence. Additionally, educate and supply users with centralised password management systems that encrypt their data, like LastPass for example, to prevent an unauthorised user penetrating your network with browser-saved logins.
Train your users in the use of encryption for e-mails and for local data storage. If all work documents are managed in an encrypted store, then even if the laptop is stolen you remain secure.
As you can see, much of this is down to proper user education – make sure your users understand the risks when they start doing any level of remote working and you can easily minimise your exposure. This way you get all the benefits of untethered users and remote workers while seriously reducing your risk.
This article first appeared for Lenovo here.