29 Jul IT Security Concerns for Remote Workers
At the start of quarantine and social distancing, employers gave their employees the option to work remotely if possible. Some employers may have previously considered dabbling in the remote field but had not taken the plunge until now. Not only does this allow employers to keep their vested employees and maintain productivity, but it allows the employees to keep their jobs amid a time of uncertainty.
Remote workers allow the business to continue as usual, with little to no effect on productivity, which is what makes working remotely so successful.
Unfortunately, there is a downside to remote workers: ensuring IT safety.
With remote workers, your IT department will need reliable security and procedures in place to make sure that sensitive information does not fall into the wrong hands.
Just a few ways proprietary information can be leaked:
-Employees using a public unsecured network to access email, files, programs, etc.
-Falling for convincing “phishing” emails and providing sensitive information like credentials on a fake website
-Offboarding; when an employee leaves a company, they can leak sensitive proprietary information before their severance or continue to have access to information if their access has not been revoked
-A lack of on-premise security resulting in vulnerable databases and files
-Using an improperly configured VPN (virtual private network), giving users a false sense of security and bad actors easy access
-Allowing all remote workers to have access to all files, databases, and programs, rather than the programs that are specific to their jobs (Relying on security through obscurity doesn’t work)
-Using an old outdated firewall where rules and ports are not regularly reviewed.
First Things First: Assess the Business for Security Concerns
To make sure your proprietary information does not get leaked in one of the above-listed ways, you should have your business fully assessed for security concerns with a professional to determine where your weaknesses are.
This assessment should determine bandwidth or connection speeds to make sure the connectivity is sufficient for the number of remote users requiring access. The security assessment should include both on-premise weaknesses as well as remote weaknesses.
On-Premise Security Assessment
One of the most effective ways to protect your proprietary information is to determine if there are any security weaknesses on-premise. Security weaknesses on-premise can be as detrimental for your business as weaknesses that are found off-site.
Remote Security Assessment
Protecting proprietary information for remote workers will include establishing adequate bandwidth for your remote employees to use, training the employees to understand the difference between encrypted Wi-Fi and non-encrypted Wi-Fi, and making sure your employees always check email on a secured network.
Another area that will need to be assessed is your company’s licensing agreement with the software programs your company is using. This will determine the number of remote licenses the business has to allot to the remote workers.
Depending on the number of remote licenses will determine if you need to make modifications to the licenses to remain in compliance with the software company.
Oftentimes, licenses are purchased for a specific number of desktop PCs rather than laptop PCs. Because of this, licenses have now shifted from being compliant to being incompliant because of the licensing agreement.
Failing to comply with the licensing agreement of software can result in an audit by the software company and cost you heavy fees to become compliant, especially if it is a second offense.
Offboarding Procedure Assessment
Additionally, your company should have an offboarding procedure in place when an employee leaves the company. This should include revoking all of the employee’s access to databases, files, programs, and emails to ensure that they do not have access to proprietary information.
The offboarding procedure should include having a plan in place to retrieve all technology that was loaned during the job, including cell phones, laptops, and tablets.
How to Protect Proprietary Information
The information you use to build and run your business should be yours and no one else’s. Therefore, it should be protected as such.
To protect your proprietary information from getting in the wrong hands, you should implement the following protocols:
1. VPN Network Security. You will need to make sure your remote network is secure so that there are no vulnerabilities or exploits for hackers to take advantage of.
2. Establish a Strong Network Connection. The remote network will need to have adequate bandwidth and proper connections to ensure it is secure. Make sure the network located on-premise is protected. The remote network can only provide as much protection as the on-premise network requires, so make sure the network connection on-premise is secure.
3. Train Employees About Public Wi-Fi, Secured, and Unsecured Networks. Not all wireless internet connections are the same, and your employees should know the difference. Public Wi-Fi is often unsecured. When you use public Wi-Fi to access sensitive files, programs, and emails, the data can be exploited by other users, potentially breaching the data. To make sure your employees keep proprietary information safe, make sure they know to always access a secured network when working.
4. Explain the Offboarding Procedure to New Employees. As soon as a remote employee is hired, explain the process they will go through if they leave the company. Remote employees should know that there is a procedure in place when they leave the company, and that procedure should be explained. Implement a policy of revoking an employee’s access to the files, database, and program within the company. Further, explain that all technology that is loaned to the employee during his or her tenure will need to be returned to the company by a deadline date that you provide. This will help ensure the privacy and integrity of the company is protected.
5. Licensing Compliance. Don’t find yourself out of compliance with the software companies you use. If you are switching users from desktop PC connectivity to laptop PC connectivity, the license will need to be updated to reflect the change. Without updating the licensing information, you will be out of compliance with the software company and potentially owe big bucks in fees to comply.
To ensure that your proprietary information is safe and secure as it should be, you should consult with an IT security professional to perform an assessment. The assessment will determine if there are vulnerabilities, exploits, or other weaknesses that your on-prem or remote network contains. If the on-prem or remote network contains exploits, secure the exploits immediately so that the sensitive information stays where it should: in your hands.