By Ryan Krawczyk, Senior Consultant
Remote workers come with many benefits, such as improved work life balance and increased productivity. However, there are some security risks that are unique to employees working remotely. A better understanding of the potential risks can develop procedures to better protect your business.
Personal Computers
A company owned computer likely has the appropriate firewall protection, anti-virus scanning, and may be centrally monitored by the Company. A personal computer may have the default firewall and anti-virus settings and is likely not monitored centrally. Aside from the lack of security controls, the employee may not be the only person using the personal computer. This presents the risk of a data leak, especially if a personal laptop is lost. Additionally, personal computers could potentially bring viruses or malware that an employee acquired to the Company network.
Aside from providing remote employees company owned devices, a possible solution would be to utilize virtual machines (VMs) or remote desktops. VMs are virtual computers that are hosted either in the cloud or virtually onsite. A remote desktop tool allows an employee to connect to a physical computer in the office from their personal computer. Both options can be centrally monitored and configured and would require company credentials to access. This allows VMs and remote desktops to have encrypted connections and restricts access to data to company personnel.
Unsecured Wi-Fi Network
Whether using company or personal devices, unsecured internet access is another danger of working remotely. Accessing the internet at an office may require logging in with company credentials or multifactor authentication and is likely tested annually with the Company’s penetration or vulnerability testing. An employee’s personal internet may be password protected but is less secure than working from the office. This less secure connection could be an entry point for hackers to access the employee’s computer or the Company’s network.
A simple solution to this is a virtual private network (VPN). A VPN is a great tool to create a secure and encrypted connection between the employee and the Company’s network.
If you need further guidance or have any questions, we are here to help. Please do not hesitate to reach out to discuss your specific situation.