How to stay friends with remote workers & still rule IT security

Category: IT Security / Date: 22 August 2019

Safe remote work“Put that down”. “Careful with that, it’s fragile.” “What did I tell you about talking to strangers on your company smartphone?” IT managers sound suspiciously like mothers. And whether you have kids of your own or not; that’s not who want to be at work. Sadly, making your co-workers aware of the risks that come with them using their own devices requires constant nagging. The risks are just too high to let them leave with laptops and phones filled with your company data and customer contacts. An alternative way of dealing with this problem is to only allow the usage of company managed devices. But come on. This is not the early 90s. In this article, we’ll tell you how you can optimally secure your company assets while keepin’ the peace.   

The dark side of freedom

The Bring Your Own Device (BYOD) concept is gaining popularity. Employees like bringing their own laptops and phones to work, so they don’t have to carry around multiple devices. Because today, “work” can be everywhere. Sales professionals visit clients and prospects, board members have meetings with partners, and cafés, trains and even airports make equally comfortable work stations as our company desks. It’s far more convenient for businesses to let employees use their own devices and safe out on hardware at the same time. The problem is, privately owned devices are not controlled by the IT department but do run off with company data, which is a huge risk. Think about something simple as a contact list on a phone. There’s no way that you, as an IT manager, can prevent contact lists on privately owned phones being synchronized to, for example, iCloud. Not to mention the risks that come with remote workers using a VPN to connect to the company network.   

So, what’s an IT manager to do? Below, we’ll share 3 tips.

1. Be kind, but don’t trust a soul

In today’s digital world, paranoia is your best friend. There are many ways to break into company systems, but it gets easier now that company data also travels beyond company walls. Cafes, trains, airports; they all have very good Wi-Fi, but these connections are also very unsafe. You can set rules all you want; there’s no way your remote co-workers will ever be able to work safely when using Wi-Fi that you don’t control. Therefore, don’t take it out on them, but rather think about a zero-trust solution that protects them and your company data, no matter where they are.

2. Don’t use VPN (or at least don’t trust it)

Don’t get us wrong; VPNs themselves are quite secure as they’re well protected by their own software. The problem lies in the connection that VPNs make between the outside world and the company network. They form a highway that goes straight to your company systems, which is great news for co-workers, but also for malware. Second, because of VPN, there are remote workers wandering the halls of your physical network that you can’t control or check before they enter. Whether they use public Wi-Fi or work from home; you don’t know what happens on the other side.

“Stop securing the connection between remote workers and your company network and start securing the assets themselves”

3. Use a security application that you can control remotely

As we said in the introduction, banning all privately-owned devices isn’t the solution. After all, company managed devices leave the office too, meaning you’d have to spend a lot of time securing them. We therefore recommend you stop securing the connection between remote workers and your company network and start securing the assets themselves. If you find a way to secure the devices that your co-workers use, they can use any type of internet connection they like.

Ok. But what does that look like in real life?

Generally speaking, there are two options: a device centric solution and a data centric one. With a device centric solution, you gain full control over all devices (either privately owned or company managed) for example through Mobile Device Management (MDM) or Enterprise Mobility Management (EMM). This does get in the way of your co-workers’ flexibility, though, and it comes with a lot of extra work. The second option is to use an app container and have co-workers install it on their devices themselves. This container forms a security layer around all the work applications, so they’re separated from the private applications. As all data in the container and between the container and the network is encrypted, remote workers can connect to any Wi-Fi, only this time, risks are limited to a minimum. Additional advantage: your co-workers will love you for leaving them alone.

Do you want to know more about the two approaches on secure mobile access? Then download the white paper below for free!

DOWNLOAD THE WHITEPAPER

White paper Network Access Control made easy

Network Access Control put to the test

A case story on real-life NAC applications. Download here:

Network Access Control Case story