How to keep remote workers safe
Protecting staff and digital assets in the new world of work
More and more people are going in for remote and flexible working, but how do companies protect their staff and digital assets in this new world of work?
I'm a huge fan of flexible working. Last year, I wrote 60,000 words for one client over the space of six weeks while working out of hotels in New York and Washington while my wife was on tour with the RSC. A couple of years ago I decamped to San Francisco for a whole month and worked there. The same technology lets me work from client offices or from Starbucks if I want to.
My laptop is my office
I need a lot of technology to make this work. I have a server running Small Business Server (SBS) 2003. I'm the poster child for remote access to email using SBS: I have an Orange C600 smart phone, an HP iPAQ PDA hw6515 with phone, satnav and email and, of course, a laptop with Wi-Fi.
I also use a couple of web-based applications for my work. The first is BaseCamp, which lets me share files and schedules with my clients. The second is Harvest, which does all my time tracking for billing purposes. Then, of course, there are my blogs: Bad Language and ModernPilot.com. I can update both of them using any web browser but I prefer to use the new Microsoft Live Writer software.
Keep flexible, stay safe
Writing about security means that I am perhaps over-paranoid about protecting myself when I'm working away from the office. I use encryption on my laptop and I make sure that all the websites I use support SSL-encryption (you know, the little golden padlock). I ensure that my PC and server are kept secure with anti-virus software, updates and all the other things. I'm also a great believer in strong passwords.
This is all fine for me because I am the owner and only employee of my business. I know how to protect myself and I know how important it is. What happens when your employees want more flexible working? How do you ensure that they apply the same security standards you do?
Technology, training and policies
You can achieve a lot with technology. For example, it is possible to stop employees connecting to company networks if their PC is not up to date with anti-virus protection and software updates. You can also enforce strong password policies and encryption automatically. Another good practice is to allow remote access only from company computers that you manage and control.
However, this only goes so far. You can fix the bug in the computer but you also have to fix the bug in people's brains. This needs training and policies. It's great to have computer use policies written by HR lawyers but you need an English-language summary that people can read and inwardly absorb. Regular refresher training about security and the risks (and penalties) of getting it wrong will keep the message in the front of people's minds. In short, you need to devote as much time, attention and resources to the human dimension as you do to the technology.
Read Matthew's previous columns in our Security Bulletin archive.