March 24, 2020

Know Your Risk When Allowing Your Employees to Work Remotely

By Peter Rothman, Chief Operating Officer, Marcum Technology

Advisory

With the state of the world today and the uncertainty of tomorrow, business leaders must understand the risk of working remotely and the importance of having a seasoned IT team when allowing your team members to connect from home.

Many organizations put revenue first and security second in a time of crisis; however, both need to be considered equally. We know our businesses cannot operate without income. But if that income is interrupted, lost or stolen, or your reputation is compromised, your organization could end up in an even worse situation, both short-term and long-term (assuming there is a long-term). Preventing any of these situations is a matter of security. There are always people who will look to take advantage of a crisis for nefarious purposes; you need to be cautious of solutions that seem to easy or too good to be true.

One of the major security areas organizations always work hard to secure are the end points such as smartphones, tablets, laptops and workstations. These are the hardest areas for a company to secure since managing technology paired with user behavior is a constant challenge, as the prevailing threats to these devices are continuously changing. As we become a more remote workforce in the next days, weeks and months, please make sure to factor in the risks associated with allowing people to work from off-site locations,

Following are some key security concerns that must be considered:

Can my firewalls handle the remote secure connections for my entire company if everyone is working remotely?
How do I know the devices my employees are using are secured with the proper technology, such as firewalls, antivirus and malware protection?
How do I prevent my confidential company data from leaking and becoming public or shared with my competition?

The best way to answer these questions is with a short assessment by a trained and trusted technology organization that engages with you to understand your business and its unique risks. A professional organization should never look to sell you a solution for the immediate revenue, but should become a trusted professional you can leverage who will look after your firm’s best interest at all times.
An assessment should cover the following areas at a minimum:

Review of network architecture including firewalls, switches and servers.
Identification of applications needed when working remotely.
Review of current security policies.
Review of end-user devices utilized on-site and remotely.
Review of current security software such as end point protection, data loss prevention, and anti-spam and phishing.
Review of compliance requirements for the organization such as HIPPA, PCI, GLB, GDPR or others.

Once all this information is gathered, analyzed and presented, the assessment will allow you to make an informed decision as to the best solution for your organization. A word of caution when making the final decision: do not be penny wise and pound foolish when it comes to the security of your organization. Hackers target individuals, and if you are opening up your environment to your employees remotely, there is a good possibility your organization can become the innocent bystander in a preexisting security breach.