Despite the fact that remote work can cause security risks, a majority of IT professionals are in favor of employees working remotely. According to research by OpenVPN, 90 percent of IT professionals believe remote workers are a security risk. 92 percent also believe that the benefits of remote work outweigh the risks.
Benefits of allowing employees to work remotely include higher productivity, less time spent on commuting, improved employee retention, fewer overhead costs, and access to a larger pool of talent, explained Andrew Proctor, director of IT operations & support at OpenVPN.
“Remote work is the way of the future, and an increasing number of workers expect to have some remote work flexibility,” said Proctor. “Not only is the ability to work remotely a recruitment tool for companies, but it can also lead to less staff turnover which impacts the company’s bottom line.”
According to OpenVPN’s research, 93 percent of organizations have a remote security policy in place, but at 44 percent of organizations, IT teams aren’t involved in the development of those policies. “For the sake of your organization’s security, it’s crucial to not only loop IT into the development of remote work security initiatives, but to have them own the process,” OpenVPN wrote in the report.
Other pitfalls occur when companies have a security policy in place, but don’t revisit it to update it, or that they don’t actually enforce the policy.
One risk associated with remote workers are that the employees are not on the company network, which means they are not as tightly under the control of IT, Proctor explained.
Nowadays, there are more tools and protocols than there used to be that can allow remote workers to gain access to the company’s network. “With newer authentication protocols adopted across the industry like 2-factor authentication, it gives people more piece-of-mind when remote workers connect to their company’s services,” Proctor said.
IT teams in companies that allow remote work can put things in place to mitigate risk. First off, they need to have a VPN set up, in addition to understanding network, routing, and access control mechanisms. Other security measures to implement include intrusion prevention systems, authentication systems like 2-factor authentication and token authentication, and device management technologies that give IT professionals full control of an employee’s device.
All of these added security measures may require the need to additional IT staff to manage and maintain those systems, Proctor explained.
It’s also important to provide security training to employees who will be working remotely. OpenVPN’s research reveals that 90 percent of organizations surveyed require remote workers to participate in security training, but the frequency of those trainings varies. Twenty-three percent hold security training more than twice per year, 32 percent have training twice per year, and 25 percent have training once per year. In addition, eight percent only give employees training during the onboarding process, while eleven percent have access to an e-learning platform that can be accessed whenever.
“Initial security training for remote versus on-site employees can be the same because all employees need to understand a company’s larger network capabilities and how to access company data safely,” said Proctor. “However, with remote staff, it’s important to train for different scenarios that could pose risks. For example, an unlocked computer at home where children are around, or asking someone to watch your belongings in a public place as you step away for a moment. Remote workers need to be trained on the likely places and behaviors they might find themselves outside of the office.”