Maintain data security when staff is working from home

The coronavirus pandemic has left governments floundering, businesses unprepared and citizens scrambling for hand sanitizer like it’s worth its weight in gold.

The sense of general unpreparedness has a lot of people on edge. Not surprising, since we’re on the edge of a global health emergency and it’s impossible to predict exactly how government, travel or day-to-day business will operate during this outbreak.

Many tech companies already allow their staffs to work from home. Remote work policies are increasingly popular across the tech industry as companies push flexible working arrangements. In doing so, these companies have to prepare their IT infrastructure to accommodate remote working.

Granted, setting up a company to allow remote work is not an overnight job. It requires time and effort — but more importantly, investment and budget. It’s an even bigger task to do it securely and without opening a door for hackers to walk in. But with the coronavirus spreading, now’s a better time than ever to roll out a plan.

Secure your remote setup: The basics

Remote work has one fundamental security principle: Let in the right people to do the right things. In other words, your employees need to be able to do their jobs as if they were at the office.

It’s not just letting users access their emails and files in the cloud — it requires identity and access controls, strong password policies and setting up two-factor authentication. Some companies are doing this already. Google takes a “no extra trust” approach to its workforce. By that, it means that just because you’re in the office or on the corporate network, you don’t get any special treatment. You still have to two-factor your way into the systems. On the plus side, Google has a completely mobile workforce that can be run out of a Starbucks if its employees need to.

TechCrunch’s Romain Dillet has a good guide on how to secure your startup and Greg Kumparak has a list of things companies should think twice about.

Set up an enterprise VPN

You’ve probably heard a lot about virtual private networks — or VPNs — in the past year. They claim to give you security and anonymity (they don’t). In fact, their original purpose — letting remote employees access resources on the company network as if they were there themselves — remains the most valuable reason for having a VPN. We’re not talking about the consumer VPNs that secretly track your every move. Enterprise VPNs are exclusive to your company and your staff.

Not every company will need a VPN. But if you have services or systems behind the corporate firewall, you’ll need one. If you don’t know where to start, Cloudflare launched the Open for Business Hub that offers a number of services to help small and medium-sized businesses get started.

Remember, VPNs — like any other software — can contain bugs and security flaws, so make sure you keep your systems up to date. Don’t forget to enforce strong access policies, like logging and enabling two-factor authentication.

Unchain your staff from their desks

Now that you have your systems set up to allow remote work, make sure you’re offering your staff the equipment they need to do their jobs. That’ll include laptops and perhaps dedicated work cellphones with an accompanying plan. Swallow the cost — it’ll be expensive — but you might at least reduce the loss by switching the office lights off while nobody is there. You also may be able to write off the purchases as an operational expense.

It’s unfair to assume that all of your staff are already equipped with their own laptops or work phones. And no full-time employee for a respectable company should have to pay out of their own pocket for a laptop or their phone bill for business purposes. Not only that, staff using for work purposes personal phones that contain data-vacuuming and privacy-invading apps can put your corporate data at risk.

Devices will break; what’s your replacement strategy?

Those dedicated work laptops and cell phones remain the company’s property. It’s within a company’s right to lock them down according to their own security policies.

Many use a central hub called a mobile device management server — or MDM — which acts as a gatekeeper and controller of your entire fleet of remote devices. You can set strong password policies, block access to malicious websites and ensure that only your work laptops can be used to access your VPN server. Not only that, it means you can set up all of your laptops in one go with one policy, saving your IT staff time in setting up each individual device.

With that in mind, you also should consider how your IT staff can work remotely for other remote workers, as well as developing a device replacement strategy. That means not if, but when accidents happen, you can send out a new laptop and have it configured as soon as it’s booted up.

And don’t forget to consider your employees’ internet connections

Whether your office is in a busy metropolitan hub like New York or San Francisco, your staff are often not. Many commute from far and wide from the suburbs or the sticks where internet service is often less reliable — or fast — as in the inner-city.

Cell service may be better than home internet connections. You may want to buy hotspots and data plans for the workforce that requests it. As more staff are asked or forced to work from home, there’s no telling what stress that might have on the internet infrastructure, such as network congestion and slower speeds. And for those working from home, allow them to expense their internet connections. It’s crucial for staff who might go over any data caps as a result of their remote work. Remember, it also may be an operational expense you can write-off at the end of the year.