Mobile and remote working: is it secure?
The move towards remote and mobile working seems to be an unstoppable trend. Research by ZDNet and Rhetorik found that the penetration of mobile workers across the UK workforce is significant. Nearly a quarter of all organizations considered more than half their staff to be mobile workers. Mobility, the research found, is an upward trend with nearly two-thirds of the research sample reporting an increasing proportion of mobile workers.
Mobility is clearly where users and companies want to go and it undoubtedly has major benefits. It brings freedom and reduced costs, but you still need to secure it. Security deployment, as is often the case, has lagged behind the rapid growth of technology and a significant number of staff are now working outside the protection of the company network gateway.
Organizations worry that mobile working will get beyond their control and cause problems both inside and outside the gateway, resulting in data loss and introducing malware. They are increasingly keen to ensure that the same policies and security they deploy at their corporate gateway are also provided for their mobile users. This is for compliance and legal requirements, as well as for security reasons. Another issue around mobile use, very topical at the moment, is that of organisations wanting to protect against data leakage and data loss, from such problems as stolen or mislaid laptops.
There is no one hard and fast solution to securing mobile and remote workers. Strong two-factor authentication, which ensures the identity of the mobile user connecting to the network or using the laptop/mobile device, is a basic requirement. Static passwords are woefully inadequate, with huge identity theft risks (particularly for wireless).
Increased remote working implies increased security at the end points and there is a wide range of solutions available including remote firewalls and specific end point solutions, which can be administered centrally. Such solutions can extend network protection strategies to mobile and remote users. They can also ensure that firewall, anti-virus and security patches are used by remote and mobile users when they should be.
Low cost encryption can protect remote laptop users and safeguard against data loss. In the past, poor performance and high costs prevented the use of encryption software, but today’s high performance and low cost solutions make it impossible to justify not encrypting laptops. Finally, wireless is high risk and all mobile wireless traffic should be over VPNs and be encrypted, with the use of strong authentication.