Hiring remotely? Get your device security right
The cost of a data breach is at an all-time high.
In 2021, the average data breach cost US$4.24mil. This year, the cost has risen 2.6% to US$4.35mil. You simply cannot afford to not prioritise IT security.
That’s challenging enough when every worker is office-based, working from a centralised network, and their devices stay put. But when your teams work remotely, there’s additional security, configuration and logistical challenges that need to be addressed before you’ve even worked out how to get a device to arrive safely in a different city, country or continent.
What are the key security risks associated with remote working?
The list is endless. But there are three key traits of remote working that make an organisation more vulnerable to a cyber attack:
- Increased dependence on digital information sharing – documents and messages are more often shared via external applications (such as WhatsApp and personal Dropbox), rather than by word of mouth or through managed business tools.
- Use of insecure networks – home networks could be compromised, and public spaces such as coffee shops, libraries and co-working spaces often have limited security that can be easily infiltrated.
- Increased use of personal devices – Companies cannot impose the same security measures on personal devices as with issued devices. And with over half of employees claiming to use their personal phone or laptop for work, for at least some of the time, this could be a major issue.
In an ideal world, every company would have the budget for a fully-stacked IT security team. But in the absence of that infrastructure, here are 5 basic IT device security tips that any organisation should factor.
1.Ensure every worker has a company device (do not rely on BYOD)
The simplest way to stop or mitigate any personal device use? Supply workers with corporate devices – aka avoid a Bring Your Own Device (BYOD) model.
Bring Your Own Device (BYOD) policies may appear to help cut costs on device procurement. But as over half of IT professionals believe that personal device use increases the likelihood of a security breach, this cost saving could be financially detrimental longer term.
Deploying devices to remote workers has never been easier, thanks to the rise in home office management solutions since the start of the pandemic.
2.Install applications and create user accounts pre-deployment
You want to remove any possibility of employees using their Google or Apple ID to log in to applications, as this increases the risk of data theft.
Personal logins will synchronise data to the cloud for all devices linked to that employee’s account. If your employee is able to download sensitive data onto their personal device via their personal login, they could retain that data long after leaving your company.
Avoid this risk by setting up (pre-configuring) devices before dispatching them to employees. create user accounts to prevent personal login use, and install security policies onto the device to minimise other security breach risks.
3.Enable remote installation of software updates
IT downtime is expensive – costing organisations $5,600 per minute on average. Keeping your devices up-to-date helps to tackle security vulnerabilities, fix bugs, and release new software features geared towards improving device performance.
There is, however, no guarantee that your remote employees will be regularly updating their software when needed. The safer route is to enrol in a device management system that enables your IT team to update devices remotely.
4.Enable remote locking/wiping of devices
Over half (56%) of IT professionals say that a lost or stolen laptop has led to a data breach. That’s highly worrying, given that a laptop is stolen every 53 seconds in the UK (Gartner).
If you’re able to remotely lock or wipe devices via your device management system as soon as they are reported lost or stolen, you greatly reduce the risk of external bodies accessing sensitive data.
This functionality is also crucial when offboarding remote employees. The vast majority (80%) of former employees are said to retain access to at least one sensitive business system after leaving their role.
If you’re able to terminate outgoing employees’ access credentials when you terminate their contracts, and wipe their devices of all corporate data, you mitigate the risk of data transfer or leakage.