Distributed teams with remote workers, mobile employees, and multiple office locations face unique security challenges. The larger variety of devices, network infrastructure, and probable working locations all contribute to a wider attack surface that needs to be managed accordingly.
Securing Remote Access to Data
Employees need to have access to data in order to perform their roles and enable remote collaboration with their team members. Without a designated office space and equipment, ensuring secure remote access to sensitive data becomes a top priority for security professionals.
While technologies such as enterprise VPNs and remote access software can provide employees with secure access to the files they need, they can’t be relied upon as the sole source of data security. Even with an encrypted VPN connection, a compromised endpoint device can become an access point for threat actors to infiltrate the network. A layered security approach is needed to provide employees with remote access to data while mitigating the risks associated with their devices.
Even with secure remote access options, employees may negligently capture data and transfer it to unsecured channels if the speed of the remote access technology isn’t up to par. Network administrators can disable file transfers and copy/paste operations in an attempt to mitigate this risk, but employees can still capture data through desktop recording software and by taking screenshots.
If remote access to data is required, the security infrastructure needs to include methods for validating the credentials of users that are connecting to the internal network and methods of limiting access permissions based on the employee’s risk level and the requirements of their role.
The prevalence of mobile devices and the wider variety of working locations introduce significant physical security risks for distributed teams. Whether employees are working from home, out of a shared co-working space, or while travelling, they are unlikely to have the same degree of physical security measures as employees in a traditional office.
- Employees that work while travelling are at a higher risk of loss or theft of endpoint devices that may contain sensitive corporate data.
- Mobile workers that set up an impromptu workstation in an airport or coffee shop are vulnerable to onlookers within their line-of-sight catching a glimpse of sensitive information.
- Mobile workers using personal devices may not have the critical security controls needed to remotely wipe sensitive data before the lost or stolen device is compromised.
The prevalent use of personal devices among distributed teams comes with a high degree of risk. While some of these risks may be addressed by measures outlined in a formal Bring Your Own Device (BYOD) policy, IT security teams simply cannot ensure the same level of protection for personal devices as they can for company-provided devices.
- Shared Access: Personal devices are likely to be shared with friends and family. If work files are not adequately secured against unauthorized access, this provides opportunities for malicious or accidental data leaks.
- Patching: Without the oversight of dedicated support personnel, the installation of critical security updates could be delayed or outright ignored. Network access control (NAC) solutions can help enforce minimum security standards, but there’s no guarantee that unpatched vulnerabilities haven’t been exploited.
- Riskier Use: The activities that take place on personal devices are naturally higher in risk than those taken on dedicated work devices. Employees are likely to be installing shadow IT, downloading potentially insecure files, and browsing the internet more loosely than they would on a company-provided device.
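The two controls described above, limiting permissions by role and risk level and enforcing minimum device standards as a NAC solution would, can be combined into a single access decision. The following is an added example, not part of the original article; the role names, access tiers, `Session` fields, and the 30-day patch threshold are all illustrative assumptions.

```python
from dataclasses import dataclass

# Access tiers, lowest to highest (illustrative names, not from the article).
TIERS = ["deny", "view_only", "read_write", "admin"]

# Hypothetical mapping: the highest tier each role ever requires.
ROLE_CEILING = {"contractor": "view_only", "analyst": "read_write", "sysadmin": "admin"}

MAX_PATCH_AGE_DAYS = 30  # assumed minimum standard a NAC policy might enforce


@dataclass
class Session:
    role: str
    mfa_passed: bool            # credentials validated with a second factor
    managed_device: bool        # company-provided (True) or personal/BYOD (False)
    disk_encrypted: bool
    patch_age_days: int         # days since the last security update was installed
    elevated_user_risk: bool = False  # e.g. flagged by the insider threat program


def risk_steps(s: Session) -> int:
    """Count how many tiers to drop below the role's ceiling."""
    signals = [
        not s.managed_device,
        not s.disk_encrypted,
        s.patch_age_days > MAX_PATCH_AGE_DAYS,
        s.elevated_user_risk,
    ]
    return sum(signals)


def decide(s: Session) -> str:
    """Return the access tier for a session; never exceeds the role ceiling."""
    if not s.mfa_passed or s.role not in ROLE_CEILING:
        return "deny"  # unvalidated credentials or unknown role: no access
    ceiling = TIERS.index(ROLE_CEILING[s.role])
    return TIERS[max(0, ceiling - risk_steps(s))]


if __name__ == "__main__":
    # Constructed sample sessions.
    samples = [
        Session("sysadmin", True, True, True, 5),
        Session("analyst", True, False, True, 5),
        Session("analyst", True, False, True, 45),
        Session("contractor", False, True, True, 1),
    ]
    for s in samples:
        print(s.role, "managed" if s.managed_device else "byod", "->", decide(s))
```

Because each risk signal only ever lowers the tier, a personal or unpatched device can reduce what a user may do but can never grant more than the role requires.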
Employees that work from home and connect to the internet using their home networks are also more vulnerable to external threats. Remote employees may not be proactively securing their networking hardware against common weaknesses such as default remote access credentials, which allow threat actors to carry out Man-in-the-Middle (MITM) attacks.
Shadow IT Management
Employees that are using personal devices have unfettered access to admin privileges – this poses a significant opportunity for unmanaged software and hardware to become an endpoint security vulnerability. The endpoint devices of distributed employees can also be connected to notoriously insecure consumer IoT devices, devices of other household members, and several other internet-capable devices that are unable to be managed by the corporate IT department.
While company-provided devices can be readily monitored and managed, they are not immune to shadow IT vulnerabilities. Even without admin access, end-users can retain access to several shadow IT programs through the use of web portals that offer similar functionality. While the use of a web filter can block access to these programs, distributed teams will also need to place a significant emphasis on developing a knowledgeable and security-driven workforce to further mitigate shadow IT risks.
Cultivating & Maintaining a Security Culture
Employees that are working from home are likely to inadvertently increase their security risks by letting their defenses down. Security teams and leadership need to work with distributed employees to ensure that security is prioritized as a company-wide responsibility and not simply a task for the IT department to manage.
Maintaining a security culture is much easier when employees are in constant contact with their coworkers and other members of the company. Employees in a distributed team need to be provided with consistent messaging that focuses on their data security responsibilities, the actions they can take to maintain the security of their devices, and the common threats that they can expect to face.
Data Theft Following a Termination
The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.
- 70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement
- 88% of IT workers have stated that they would take sensitive data with them if they were fired
- 72% of CEOs admit they’ve taken valuable intellectual property (IP) from a former employer
- 50% of respondents in a Symantec survey say they have taken information, and 40% say they will use it in their new jobs
These vulnerabilities need to be addressed as part of any insider threat management program.
The unique security challenges of distributed teams largely stem from the difficulty of implementing and enforcing the critical security controls that take place in traditional office environments. These challenges can be addressed with careful consideration for how remote-compatible technologies and procedures can be used for authentication, secure file access, and enforcing cybersecurity best practices. Where the provision of carefully monitored and managed devices is not feasible, security teams will need to work within the limitations of personal devices and address the added risks.