Your business wants to embrace remote access to allow your team to work from home, on the move, or from other locations. COVID-19 has shown us just how it important it is in a digitally connected world for teams to be able to work flexibly. However, without properly managing and securing the people, devices, data and networks involved in remote access work, you may put your business at risk.
For example, if a worker accidentally leaves their smartphone or tablet at a café, confidential files can be compromised if the device is unsecured. The next customer may be able to use the device to access a presentation about a commercial deal, or a spreadsheet with lists of customers and their personal details. And if your team members are accessing corporate systems over unsecured networks, they may be exposing sensitive information to cyber criminals who use malware to intercept communications.
These examples are the tip of the iceberg when it comes to potential risks. The latest Telstra Business Intelligence report on Managing Risks Online goes much deeper, with real-life business case studies and advice from leading Australian organisations and experts, like Microsoft and the eSafety Commissioner.
Can your business afford an attack?
When it comes to online security, experts say it pays to be proactive.Access free reportCan your business afford an attack?
Assess the risks
You can start by evaluating your business’s remote access practices. To help minimise the security risks associated with remote access, consider these questions:
- How am I managing and protecting the mobile devices that workers use to access data and applications?
- How am I protecting the confidential and valuable information that can be accessed via mobile devices?
- How am I protecting the information that traverses the internet from mobile (and other) devices to my business?
Your business may have vulnerabilities due to remote access practices that you aren’t aware of. It’s important that you consider where gaps might exist and how you can help prevent risks of online crime. If you have the means, it could be worth hiring an online security expert to assist.
Get help with device management
An end-to-end product solution for device management can add an extra layer of security and help minimise the risks if a breach were to occur. But you want to make sure the product you choose is comprehensive and covers all bases. To protect smartphones and tablets (and the data they hold), device management is key. When reviewing device management products, look for the following features:
- The product includes tools that enable your business to enforce policies. For example, locking all registered mobile devices with PINs that the user must input to gain access to the device.
- It allows administrators to enforce that certain applications (including antivirus, antispyware and other security software) are installed on the device when it is set up.
- The product allows administrators to determine the roles and privileges that each remote access user has. This protects sensitive information and minimises the risk of data leakage.
- It includes applications that capture and report on how corporate information is used on the device. This can help with audit trails so the business can comply with regulations and governance rules if needed.
- The product protects data by limiting the ability of employees to cut and paste data from corporate applications into personal systems or provides access to secure file sharing and syncing.
- There is a functionality that enables administrators to remotely lock devices, or wipe devices by deleting data and software they hold. This ensures that if a smartphone, tablet or laptop is left or lost by a worker, any sensitive information (including business data and passwords) on the device cannot be accessed.
Use a VPN
An internet VPN can allow businesses to protect their workers and systems without undertaking labour-intensive activities, like configuring manual systems in each remote office they operate. When determining which internet VPN best suits your business, you should ask the following questions:
- How easily can the internet VPN be set up?
- Can the internet VPN allow configuration changes on demand from remote locations?
- Can the internet VPN allow complete end-to-end control over and visibility of your service from a central location?
- Can your team connect securely to your office network (through a virtual firewall)?
- Can you set and enforce policies to ensure only authorised traffic enters your private network through a virtual firewall?
- Can you monitor and prevent staff from accessing malicious content and inappropriate web sites through web content filtering?
These three key considerations can help get you and your team on the way to working securely from just about anywhere.
*Originally published on March 20th 2017. Updated February 23rd 2021.