It is common knowledge that rapid advances in technology are changing the way that people live and work. As Millennials make up an increasingly large percentage of the workforce, businesses have had to hastily adapt to the shifts in the modern office environment.
The most significant change of recent years, mobile working, has already started to become normalized. Over 70% of workers globally already work away from the office at least once a week.
This change is popular for a number of reasons that benefit both the wider company and individuals. For example, the ability to minimize commutes and the flexibility to work around domestic commitments can lead to improvements in work-life balance and wellbeing, meaning that when it is time to work, staff are refreshed, focused and more productive. Avast Business’ Mobile Workforce Report 2018 found that 59% of workers felt they were more productive outside the traditional office environment and this contentment is also linked to drops in absenteeism.
While there are many benefits, companies may not be fully prepared for the speed with which these changes are taking place and the prospect of mobile workers accessing company data from coffee shops are likely to set alarm bells ringing for management. But should it?
Is there an inherent risk to mobile working?
The main reason for concern is a lack of preparation. In many cases, company cybersecurity has not been updated at the same rate technology has evolved, leaving a gap between employee expectations and the practical security considerations of a company.
Data will need to be protected in the same way as it would in a traditional office, but as these devices are operating outside of the physical office, responsibility for security needs to be placed on the individual user.
Often it is human error, rather than a coordinated, international cyber-attack, that is the cause of data breaches. This means that a refreshed company-wide policy is required to ensure that education and confidence around flagging potential issues are universal. Without this, simple mistakes such as sending documents to incorrect emails and being fooled by phishing attempts could see even the finest security software undermined by a simple backdoor.
What can businesses do to secure mobile workers?
For any company that allows mobile working, a Bring Your Own Device (BYOD) policy is essential. This policy, which would have to be agreed with staff before they begin working remotely, can make clear what is expected of the individual in return for the freedom to take more control over when and where they work.
An effective BYOD policy will encourage employees to take on increased personal responsibility with regard to online safety. From using strong passwords and two-factor authentication, to updating security software and installing patches, many of the most common breaches can be stopped if employees are willing to do their part.
A controversial option is the use of Mobile Device Management (MDM) software. On the surface this allows the company an element of control over staff devices so that they can ensure security updates have been installed, and erase data from devices that are lost or stolen. However, many staff may feel that this encroaches upon their privacy is being.
If MDM software is a requirement of your BYOD policy, its implementation should be transparent so that staff understand exactly how the software works and its purpose.
As much as software is a vital element of business security, even the most up-to-date systems would be unable to prevent an unaware member of staff responding to a suspicious email with their login credentials.
With Spear Phishing attacks increasing by 50% in Q4 of 2017 alone, they are becoming harder to detect and increasingly common. The solution is a cybersecurity policy that is proactive on all fronts; this means that employee training should be treated as a priority, alongside maintaining fully patched and updated security software.
Remote workers at all levels of the business need to be trained to improve their vigilance and adherence to security procedures. This doesn’t need to be complicated, but should include the ability to identify a potential phishing attack and the confidence to know what to do should malware appear on the system.
This training needs to be updated regularly to ensure everyone is comfortable with the latest developments and changes in process to combat new risks. By making sure nobody is left behind, the base level of security knowledge in your business will improve, reducing the risks of human error.
VPN and security software
If a public connection is the last resort, a VPN service is an essential tool. A Virtual Private Network (VPN) will not only hide your location and browsing activity, but will also protect your traffic with end-to-end encryption.
If an unwanted third-party did try to view web traffic protected by a VPN, the high level of added encryption would mean that anything being sent or received remained secure – and completely unintelligible to outsiders.
Despite providing a number of positive benefits, mobile working can also increase the risk of a data breach. Balancing the needs of company security with the increase in mobile working and individual privacy sounds like a daunting task, but if staff and employees are able to work together as part of a concerted effort to improve security best practices, everyone in the company will benefit.