Ever since the coronavirus started spreading across the globe, much of the conversation has been focused around working remotely.
For example, Twitter just announced that employees can now work from home forever, and there is no longer an expectation for them to return to the office. This is only the beginning of what the “new” working world will look like—where more and more companies will make the shift to remote (if not fully then partially). And while this seems like the logical next step for a workforce that was already trending in the direction of more freedom, what so many people fail to realize is the massive security challenges that are going to come with this shift.
In a matter of weeks, companies have gone from using one network distributed in their office, to having their employees use their own networks at home (with their own routers and modems and security vulnerabilities). People don’t really realize how much effort goes into building a secure network within a company. Especially for large-scale companies, tens of millions of dollars get spent every year ensuring the company’s data, and each individual employee’s data, are safe and secure.
If remote security and IT asset management (ITAM) wasn’t a priority of yours before, it should be now.
Here are a handful of issues companies are already facing, and how they can think about keeping themselves and their employees safe.
1. Create a formalized process for when employees take assets home.
If a company didn’t have a formalized process before, then right now they’re trying to track when assets like laptops, phones, monitors, etc., leave the office. Companies without a mature ITAM practice in place are using applications like Google Docs to log what assets are leaving the office, and why. These ad hoc processes can quickly turn chaotic. At Cherwell, we help companies build streamlined, sophisticated processes.
Working from home can get risky from an IT governance standpoint when assets leave the office and become subject to that individual employee’s network, workspace, etc. If you hired someone in the middle of Arizona, and they stopped working with the company, who is responsible for recovering the assets? Is that a manual process, where someone has to cross-check records against their Google Doc spreadsheet? Or, could these assets be easily transitioned to another employee who lives nearby?
Data and network security is crucial for companies, and much of it begins with the physical devices companies allow employees and contractors to use.
2. Educate employees on when to use professional devices vs personal devices.
Work-from-home culture is going to force organizations all over the world to re-imagine what it means to empower employees remotely.
It’s important to explain to employees why personal and professional devices need to be treated differently. Especially when it comes to software licensing agreements, the lines can get blurred very easily between what is “company property” and what is “personal property.” For example, if an employee uses a personal computer as a business device, and then leaves the company, what happens to the device? What risks does the company take on when an employee uses a personal device, even though it may have confidential information stored within an email or otherwise? Or, thinking in the other direction, would an employee need to share the information on their personal device (including separate intellectual property) if the device was compromised and had sensitive company information on it?
Not all employees tend to give very much thought to these types of things, since the majority of the focus is on the software side. But it’s the hardware that actually poses the most questions—which is why company leaders need to be the ones educating and defining policies for effective remote work.
3. Take steps to ensure employees’ safety while working from home
When everyone is in one office, it’s a lot easier for the company to protect the company’s network. But once employees start being distributed, the challenges change.
A few ways to think about managing security remotely are:
- Single sign-on (SSO) and Two-factor authentication should be required across all of your software-as-a-service (SaaS) applications within the company. This secures your organization’s data from unwanted access.
- When you set up Zoom calls, enable the password feature as a secondary layer of protection.
- This is uncharted territory for companies, but it will become more and more common as remote work becomes destigmatized: location tracking. It’s important for companies to track where their devices are, so they can act quickly if a device is compromised, lost or stolen.
- Educate employees on best practices for keeping their devices safe and secure. There should be policies in place for working from home, and not, say, leaving your laptop open with your company Slack active.
As the country, and the rest of the world, attempts to re-open offices and come back to work, many companies will emerge from this pandemic deciding to incorporate remote work processes into the future of their organizations. As this trend continues, it’s important to start thinking now about how to mitigate risks, improve processes, and empower employees in the right ways.