With the increasing prevalence of Cloud computing, remote working has become almost mainstream these days. Most employees now expect to have more flexibility in the way they work, and as a small to medium sized business, you probably know that to attract good talent you need to be open to the ‘work from anywhere’ approach.
Whether you are just starting to think about cloud transformation or have already started the process, you should consider the risks of remote working and take a proactive approach to protecting your business data.
How secure is your data?
In working with small businesses, we’ve seen that the following is a common scenario. An employee asks if they can work from home for part of the week, or while they are on the road visiting customers and want to access your network. It seems like a natural response to just say yes without thinking about the many possible pitfalls involved.
Don’t under-estimate the value of your business data. Think for a moment about the risks of losing that information or what would happen if it fell into the wrong hands. It could bring your business to a standstill, you could lose valuable intellectual property, it would affect your ability to service your customers and could expose you to legal risk. The good news is that the risks of this scenario can be minimised with some forward thinking.
Plan your remote access policy
If you are setting up remote access working for your employees, here are four key steps to consider
Establish a Policy
Before you provide anyone with remote access to your network, create a data security policy. This doesn’t need to be complicated. Think about what data can be accessed and who can access it. For example, some data may be off limits for everyone working remotely, or you may want to provide different people with access to different categories of your data. Also consider the type of devices that your employees use while they are offsite, e.g. should they be allowed to use their own laptops?
A simple one page document is all that you need but you should take steps to educate your team so make sure that the policy is communicated properly. Everyone using your network needs to understand the day-to-day risks of accessing data and the important role they play in managing this. Like many small businesses, you probably rely on trusting your employees and having an honesty based system, e.g. restricting remote access to certain devices. However, you can also use technology to protect your business, as outlined in the next point.
Set up a Gateway
Are you leaving the front door to your business wide open to viruses or hackers? Without the right controls in place, allowing remote access makes your data more vulnerable to attack. Imagine a row of houses where some have locked gates so you can’t even reach the front door, some have open gates but the front door is locked, while others have their gates and doors wide open. Which ones are most at risk to an unwanted entry? By allowing direct remote access to your on-premise servers or PCs you are like the house with the unlocked front door – virtually anyone can come in.
With a gateway such as a Virtual Private Network (VPN), you can control who comes in and what they have access to. Once someone’s ID has been verified and entry granted, a gateway can control where they can go within the network – for example, to their PC but not the CEO’s computer, and what functions they can perform. A VPN set up can also help you track who goes where (or attempts to).
Consider saying no to BYOD
The Bring your Own Device trend has the potential to cause problems for many SMEs. You can control most aspects of your company’s computers but when staff want to use their own devices you lose much of this control – even with a gateway in place. For example, you can make people have the right antivirus program installed before granting access, but it’s more difficult to control what information is downloaded and where it is stored. This could include innocent looking files which could cause havoc within your network.
Ban or restrict Public WiFi
Today’s smartphones and laptops are often set up to scan for and automatically connect to public WiFi networks which are unencrypted and can leave your information open to interception. Ensure your team knows the risks and that your policy states that these should not be used unless with a Gateway or not at all. Mobile phone data connections are a much better option.
While this article focuses on remote working, it’s important to take into account other areas which can reduce security risks, for example the importance of good password management. Educate your team on password good practice techniques including the risks of social engineering – the use of deception to access sensitive information such as passwords.
Manage the risks before reaping the benefits of remote access
There are many benefits to allowing your workers to work remotely such as happier and more productive employees, however you do need to consider the risks to your business. Once you map out your ‘work from anywhere’ policy, you’ll probably find that the actions to take will flow from there. However, if you need help making this happen speak to Correct Solutions – we’ve had a lot of experience working with SME customers on these aspects of their businesses.
Think of Correct Solutions as your IT partner – we can help you set up the right structure and processes, especially regarding BYOD and remote working, to enable the flexibility your business needs while helping protect one of your most valuable assets – your data. Get in touch with us 1300 267 765 today and be sure to follow us on LinkedIn for more updates and insights.