The toothpaste is out of the tube, and there’s no putting it back in. I’m talking about working from home. At first, employees were very quick to frustration, suffering an inability to work productively or even have the right equipment for the job. Eventually, however, things settled and this new normal has found a larger percentage of people enjoying the flexibility and freedom associated with working from home.
In fact, according to a Gallup poll, nearly two-thirds of workers in the United States who’ve been working from home would prefer to continue doing so. That’s a significant number, one that can’t be ignored. The bottom line is, for companies to keep all of their employees happy, working from home will have to be a permanent option. Removing the ability to work from home will most likely increase attrition rates, leading your company to have to hire and train new employees.
Is that a preferred route, especially given the numbers clearly indicate people want to work from home and can be as productive as they are in-house? I doubt it. In fact, if you’re looking at a significant number of employees willing to leave simply so they can find an employer offering work from home options, the future of your workforce becomes clear. Working from home is here to stay.
To that end, how do you help your remote staff work more securely? This should be a very important question to ask. After all, you probably have employees working with sensitive data, or you might have PHP development projects hired out to third-party developers. No matter what your remote staff is doing, they need to be able to do it with an acceptable level of security.
Let’s see what you can do to help those employees out with some tips we’ve gathered throughout the years working remotely at BairesDev.
This should be a no-brainer for every business. If you’re not already enforcing strong password policies, it’s time you start doing so. It’s bad enough when you have staff using weak passwords from within your LAN. To allow remote users to employ weak passwords is a glaring mistake that is asking for serious trouble.
With those employees logging into remote servers or services using weak passwords, it’s only a matter of time before a hacker is able to use those passwords against you.
Even if you can’t employ software-based password policies (that automatically enforce the use of strong passwords), you should have a written document that clearly lays out the company policy on passwords and that must be signed by all employees.
This is the easiest thing you can do to gain the most amount of security.
This one is a bit trickier because how it’s done will depend on the hardware used by your staff. And because their home networks will all use different routers, you can’t set a default policy. You can, however, have your IT staff guide your remote workers through the upgrading of their router firmware.
Why do this? Simple: routers with outdated firmware are much more easily hacked. That’s all you need to know. Because of that, it’s imperative that router firmware always is up to date.
Once you’ve trained your staff on how to run the updates, make sure they do so on a regular basis. With every firmware update, security vulnerabilities are patched. Left unpatched, those routers are a weak link in the security of their home network.
Speaking of your remote worker’s LANs, it’s very likely they’ll be using wireless at some point. Because of this, you need to make sure they are working with the WPA3 Wi-Fi security standard. If their routers and laptops/desktops don’t support that standard, either purchase hardware for them or suggest they do it themselves. The WPA3 standard considerably improves general Wi-Fi encryption, thanks to Simultaneous Authentication Protocols (SAE) that replace the Pre-Shared key authentication used in previous WPA standards.
Also (and this goes back to passwords), you must make sure your remote workers have secured their wireless networks with very challenging passwords. Finally, if your remote workers have wireless routers that offer guest networks, have them set up a guest network that their family can use. With your remote staff working on a different network than the family, there’s less a chance you’ll have to deal with security issues.
This might be a hassle for every admin out there, but it’ll go a long way to keeping you sane and your remote staff secure. Keep an inventory of all the equipment and services your remote employees use: Routers, switches, modems, laptops, desktops, phones, tablets, remote services, on-premise servers. If your staff use something for work, keep track of it.
With a database of equipment and services being used, you can more easily be on top of when a company releases a firmware or software update, or there’s an issue with a service that should be addressed by your staff. If you don’t have such a list, you have to rely solely on your remote employees to keep track of when their hardware has an update.
Make it easy on everyone by keeping score yourself.
These don’t have to be the VPNs of old, which allow remote workers to function as though they were on your company’s LAN. For that, you can work with a cloud service. What we’re talking about is the VPN technology that can obfuscate remote workers’ network traffic, making it harder for would-be-hackers to hijack sensitive data transmitted by staff.
These services are often cheap, especially compared to the protection they can offer. Companies like NordVPN, ExpressVPN, Surfshark, ProtonVPN, and IPVanish are not only effective but easy enough that anyone can use them.
Finally, and this one can’t be overstated, make sure your IT staff is readily available to help remote staff. They’ll always be on-site for in-house employees, which is great. But when you have remote staff, those people should feel as though they have the same safety net to fall into, should something go wrong (or they have a question).
Don’t let your remote staff fall victim to the “out of sight, out of mind” adage. Make sure they have the same level of help as those who are on site. And make sure your IT staff respond to remote support requests in a timely fashion. If remote employees are left hanging, they can’t be productive. And if the problem is a security issue, even more is at stake.
It shouldn’t take nearly as much work as you think to keep your remote staff working securely. It might take a little more time and investment upfront, but once things are running smoothly, you’ll be surprised at how easy (and rewarding) it can be to have both on-site and remote employees (and have them working securely).