Security in remote working culture
As being stuck in the current no-way-to-go scenario in isolation we've decided to do one short awareness-like post on the subject of security on home/remote office setup. A lot of us have moved the work environment to our homes and with that came a few more responsibilities.
Just like traditional workplaces, remote and mobile office setups often demand well thought out security processes. Depending on the type and size of an organization, those can be as simple or as complex as necessary, but ignoring them altogether is a surefire recipe for disaster. Even a few basic rules that get established can make a significant operational difference early on.
Full disk encryption
Completely encrypting all remote employees’ computers, laptops, tablets, and cell phones is usually the first course of action and is of the utmost importance if those devices are to be used mostly outside of the office. Many of these devices occasionally get stolen or misplaced while carrying a trove of confidential and sensitive information. Using well-established encryption subsystems on an operating system level, such as Windows BitLocker or macOS FileVault ensures that critical data is safe from the prying eyes at rest. It also makes disposing of the devices once they reach the end of life much easier. Encryption should be enforced for all kinds of removable data storage devices just as vigilantly.
The data may be encrypted on the devices, but it needs to stay safe in transit as well, especially in remote-first companies. Using encrypted connections, even for internal company environments adds another layer of security by obfuscating sensitive information while it passes through internal or public network infrastructure and is as safe from various kinds of eavesdropping. Using modern TLS protocols for HTTP-level encryption in combination with a VPN solution should be sufficient for most organizations. It makes it all the more critical in remote environments.
Centralized device managemement
Having all company - related equipment administered from a central location can ensure all devices are encrypted and safe at all times, both remote and in house. Investing in a robust device management and provisioning system should be very high on the list of priorities.
Special considerations for international travel
Sensitive information may be encrypted at all times, but in the case of international travel on business, it can still get leaked inadvertently. In many countries, international border crossings are in separate jurisdictions and domestic privacy laws may not apply in all cases. In such situations, leaving sensitive information on a company intranet and enabling Travel Mode in password managers is usually a wise thing to do. An employee can always download the necessary information again once immigration formalities are sorted out. Also, having an immigration lawyer on stand by in a destination country can make all the difference at times.
Constant improvement and education
At the end of the day, every system is as secure as the weakest chain within it. Taking the time to educate all members of the team on proper data hygiene and security processes is paramount. Making the annual or semi-annual revisions of all security subsystems and processes can help an organization stay on track with the recent security trends and improvements. Constant technological improvement paired with continuous training of the company workforce for new and emerging security trends and technologies ensures the company stays on the safe side of doing business remotely.
Make sure to check out our other tech blog posts!