Employees working remotely still need access to enterprise systems and technology in order to do their job while they’re away from the office. However, with the rise in telecommuting also comes a rise in the security risks that employees and businesses may face. Although these issues aren’t serious enough to put an end to telecommuting, companies that allow employees to work remotely should be aware of these risks and how they can take steps to mitigate them.
The Risks of Remote Access
The convenience of telecommuting also brings with it vulnerabilities and security issues. For example, the massive 2013 breach of the retailer Target, which resulted in the theft of 70 million credit and debit card numbers, occurred after hackers gained access to the Target network using the remote access credentials of a third-party HVAC vendor.
Although a company’s IT department can manage security on the enterprise end, managing security on the remote user’s end is much more difficult. Many employees who work remotely use their personal computers, smartphones and tablets to connect to their enterprise network. However, employees might not maintain the same security standards on their personal devices that they are required to maintain at work. Personal devices can suffer from problems such as weak passwords, no antivirus or anti-malware programs, or lack of security patches and updates.
The Target breach and other massive data breaches, such as the 2014 cyberattack on Home Depot, show the risks associated with providing system credentials to a third party. Companies that share data with third-party vendors and contractors should make sure that these third parties follow the same stringent security policies that are enacted internally within the organization.
Mitigating IT Security Risks in a Remote Access Environment
Although remote access presents a host of security risks, mitigating these risks is both possible and necessary. To begin with, remote access is a privilege, not a right. Only those employees who need remote access for their job should be able to use it, and they should only have access to the systems and information that they require.
Companies should ensure that both their network and the user’s device are up to date and use adequate protection such as firewalls and antivirus programs. In addition, remote employees should use Virtual Private Network (VPN) software that deploys point-to-point encryption to connect to the company network in order to protect the exchange of sensitive information.
If at all possible, users should verify their identity with not only a password but also another validation method. Passwords are a relatively weak method of authentication, but when paired with another identifier, they can provide additional security. Identifiers might include security certificates, security tokens, confirmation codes sent to the user’s phone or email, or biometric identifiers such as fingerprints or voice recognition.
Two-factor authentication constructs an additional barrier that requires would-be hackers to attack the authentication mechanism via multiple approaches.
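The password-plus-second-identifier check described above, sketched as an added example that is not part of the original article. It assumes the second factor is a time-based token code (TOTP, RFC 6238) and that passwords are stored as PBKDF2 hashes; `RemoteLogin`, `hash_password` and the sample values are hypothetical names constructed for illustration.

```python
import hashlib, hmac, struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash so a stolen credential store is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class RemoteLogin:
    """Hypothetical gate: the password AND the token code must both pass."""

    def __init__(self, salt: bytes, pw_hash: bytes, token_secret: bytes):
        self.salt, self.pw_hash, self.token_secret = salt, pw_hash, token_secret
        self.last_counter = -1  # newest time step already accepted

    def verify(self, password: str, code: str, now: int,
               step: int = 30, drift: int = 1) -> bool:
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        current, matched = now // step, None
        # Accept +/- `drift` steps of clock skew; compare in constant time.
        for c in range(max(0, current - drift), current + drift + 1):
            expected = totp(self.token_secret, c * step, step)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = c
        # Reject a code from a step already used, so a captured code cannot be replayed.
        if not pw_ok or matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True

# Constructed sample values (the secret is the RFC 6238 test key).
SAMPLE_SECRET = b"12345678901234567890"
SAMPLE_SALT = b"constructed-salt"

if __name__ == "__main__":
    gate = RemoteLogin(SAMPLE_SALT, hash_password("correct horse", SAMPLE_SALT),
                       SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    print(gate.verify("correct horse", code, now=59))   # both factors present
    print(gate.verify("correct horse", code, now=59))   # same code replayed
    print(gate.verify("wrong guess", totp(SAMPLE_SECRET, 90), now=90))
```

A stolen password alone fails the check, and so does a captured token code once its time step has been used.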