
Overcoming the security challenges to remote and mobile working for SMBs

(Image credit: Eugenio Marongiu / Shutterstock)

Thanks to advances in mobile technology we’ve seen an increase in remote working, whether as a formal arrangement or on an ad hoc basis. More and more employees are tapping into company data from client locations, hotels, home offices, public Wi-Fi networks and sometimes even from the comfort of a sun lounger by the pool. However, as the number of employees working remotely increases, so does the risk of cyber-attacks and data breaches, and the task of securing machines and data becomes increasingly challenging. Humans are inherently the weakest link in an organisation’s security, with the average total cost of a data breach in the £3 million range. It’s important that businesses effectively manage their security and understand the areas which may leave the IT network, systems and devices vulnerable.

This is especially important for small businesses, as they extend the security boundary beyond office walls, potentially exposing their data to risks which are challenging to manage. Remote working can earn businesses serious competitive advantages, as employees feel more in control of their working day and productivity. Most companies can’t guarantee that employees will always access accounts and applications securely, but establishing policies and procedures in advance is key to effectively mitigating the risks.

Keep mobile devices and laptops safe 

Although it might seem like an obvious piece of advice, keeping business resources safe really is the first line of protection against cyber criminals. Whether your employees are working on public transport or in a coffee shop, remind them to stay with their devices at all times. This starts with keeping operating systems and applications up-to-date, but should also include a hard look at how the devices are configured: you want to minimize the threat surface of a laptop or even mobile phone by locking it down.   

Secure collaboration in the Cloud   

Cloud computing has brought about many benefits to the enterprise, including improved collaboration, which is almost certainly the catalyst for the type of remote and mobile working we’re seeing today. Collaboration technology such as video conferencing and file sharing has enabled employees to communicate more efficiently with one another as well as increase productivity. However, it’s important to address the security challenges this type of technology can bring.   

The first stage towards secure cloud collaboration is to evaluate and classify all data being shared. That way it’s easier to understand the security and compliance priorities. Secondly, before adopting a cloud-based collaboration system, it’s important to research the various providers on the market in order to have confidence in their ability to securely manage the business’s data. Think about the kind of infrastructure they offer, where their data centres are located and how they’re secured. Answering questions like these will provide a clearer picture of how well-guarded the business’s data will be, wherever it’s accessed from.

Cloud and SaaS providers are always introducing new security measures, like ways to prevent remote users from downloading or printing sensitive data. While the battle against security threats is always ongoing, the prevalence of flexible working means that cloud platforms are designed with built-in security features for remote workers. 

Issue guidelines around using a personal device   

As remote working becomes more accessible to the workforce, employees are increasingly using their own devices when working. Work and personal life are more integrated than ever before, and employees want to be able to access their services wherever they want to, at their own convenience. While this has many benefits for both the employee and the company, it also comes with a risk. For example, if employees attempt to access company data via public Wi-Fi they may be unknowingly exposing corporate accounts to risk. Device loss and/or theft is also a huge factor in creating data risk if the proper authentication methods and locks have not been put in place. Therefore, companies should educate their employees on the risks involved with using personal devices and make the proper safeguards available for employees to protect themselves.

Restricting the use of public Wi-Fi   

This brings us nicely onto the topic of Wi-Fi. There’s no doubt that it’s drastically changed the way we work, providing employees with the flexibility to easily work away from the office. While more locations, such as coffee shops, restaurants and conference centers, are giving away free Wi-Fi access, it’s important to remember that these networks are often insecure and vulnerable to malicious attacks. Although it’s good practice to instruct employees to only connect to trusted networks, in reality it’s not always a viable option. Advise employees to avoid connecting to public Wi-Fi networks when accessing sensitive or business critical information. Also provide your employees with a corporate VPN solution (either from a trusted Cloud VPN solution, or your own) so that they can protect their data when on public networks. It’s important to reinforce that the convenience of free Wi-Fi comes with some real threats, whether it be computer viruses or the theft of data: public hotspots allow anyone within the area to potentially read data that’s not addressed to them.

Enforce basic password requirements   

Naturally, humans resort to using the bare minimum required when creating a password, and this doesn’t change in the workplace. Because of this, it’s important that businesses establish password requirements, such as minimum length, and complexity. Employees should also be strongly discouraged from using “simple” passwords, such as birthdays, pet names, or common number sequences, such as 123456.   
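As an added illustration (not part of the original article), the sketch below checks a candidate password against the requirements just listed: minimum length, complexity, and the "simple" patterns of birthdays, pet names and number sequences. The thresholds (12 characters, three character classes), the small denylist and the `personal_terms` parameter are assumptions made for the example.

```python
import re

# Constructed sample denylist; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}
# Heuristic for birthdays: a 19xx/20xx year or a dd/mm/yy-style date.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def has_number_sequence(text, run=4):
    """True if text holds `run` digits that count up, count down or repeat."""
    for i in range(len(text) - run + 1):
        window = text[i:i + run]
        if not (window.isascii() and window.isdigit()):
            continue
        steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def password_problems(password, min_length=12, personal_terms=()):
    """Return the list of policy violations; an empty list means it passes.

    min_length and the three-class rule are assumed thresholds;
    personal_terms is a hypothetical per-user list (pet names, own name).
    """
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("shorter than minimum length")
    if sum(bool(re.search(c, password)) for c in CHAR_CLASSES) < 3:
        problems.append("fewer than three character classes")
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    if has_number_sequence(password):
        problems.append("number sequence")
    if DATE_RE.search(password):
        problems.append("looks like a date or year")
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_terms):
        problems.append("contains personal term")
    return problems
```

A password such as `Rex2015!Rex2015!` satisfies length and complexity rules yet is still flagged for the year and the pet name, which is why the pattern checks sit alongside the basic requirements.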

Additionally, password managers such as LastPass provide a secure way to generate long, complex and unique passwords without relying on employees to remember them. Better still, using a password manager to store passwords encrypts the data and enables the organisation to share company log-ins without revealing the actual password.

Get to grips with two-factor authentication (2FA) 

Two-factor authentication is one of the most effective and simple methods to protect your online accounts beyond a strong password. In addition to entering a password, 2FA users must enter a second piece of information to gain access to their accounts, such as a one-time code sent via text or app on your mobile device, or even a fingerprint. Regardless of the form two-factor authentication takes, it ensures that hackers cannot break into your email, even if they have your password. Increasingly, organisations are seeing the benefit of 2FA, and implementing it centrally as part of wider security policies.

These controls are not a perfect solution, but most of them can be easily implemented by IT and the end-user. In the long run, users and IT practitioners need to review their security posture and measures on a regular basis, and improve them where it lowers the risk or cost, or improves overall security.

Gerald Beuchelt, Chief Information Security Officer at LogMeIn   


Gerald Beuchelt
Gerald Beuchelt is Chief Information Security Officer at LogMeIn. Previously, Gerald was Chief Information Security Officer at Demandware, a Salesforce company. Preceding that he was a Security Engineer at MITRE.