Web worker security: how to keep your data safe at a distance

The flexibility and autonomy of web working can boost productivity and morale, but letting company information out of the secure perimeter of corporate headquarters also opens organizations up to a whole host of security concerns, according to a recent article from MIT’s Technology Review. The piece lists several potential vulnerabilities, including:

  • Web workers are more vulnerable to “social engineering” attacks. In an office, “you can pretend that you’re a bike courier or FedEx guy, but you still have to get past the security guard, receptionist, and so on,” explains Steven Chan, chief software architect with MIT’s engineering systems division.
  • Office network security usually beats home network security.
  • Loss or theft of devices is a bigger threat for mobile workers.
  • Greater employee control over which devices they use for work can create security concerns.

Still, the payoffs of web work are high and there are sensible steps organizations can take to minimize these risks. The experts at MIT also offer these recommendations:

  • Limit the threat from lost or stolen devices through encryption and tracking. “For thorough security, the entire hard drive should be encrypted and should be accessible only through strong passwords—Microsoft recommends passwords of at least 14 characters, some of which are letters, numbers, and symbols. Furthermore, tracking software can be used to locate a lost laptop, phone, or tablet and remotely wipe it clean of data,” says MIT.
  • Decide who needs access to what. Review often. MIT’s Chan suggests “credentialing, which means employees should get access only to the information they require for their work.” And don’t just set these permissions and forget about them. “Security isn’t something companies dust off and adjust once a year,” agrees CTO Edge in another recent piece on telecommuting and security.
  • Servers should be vigilant too. “Have servers in a network identify and authenticate all devices attempting to gain access,” suggests MIT. “In a step known as device fingerprinting, the network can try to distinguish a legitimate remote employee from a rogue hacker by looking at the IP address, device serial numbers, and other settings on the user’s computer. If an unfamiliar device attempts to access the network… either entry is denied or the request is evaluated after further authentication (by a phone call to the user, for instance).”
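
The device-fingerprinting check described in the last recommendation, as an added example (not code from the article or from MIT). The attribute names, the per-user registry layout, the server key and the rule that a familiar device on an unfamiliar network triggers further authentication are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed server-side key; assumed to come from a secrets manager in practice.
SERVER_KEY = b"constructed-demo-key"

def fingerprint(attrs: dict) -> str:
    """Keyed hash over the device attributes, so raw serials are never stored."""
    canonical = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def decide(user, attrs, source_ip, registry, strict=False):
    """Return 'allow', 'step_up' (further authentication) or 'deny'."""
    entry = registry.get(user)
    if entry is None:
        return "deny"  # no devices enrolled for this user
    fp = fingerprint(attrs)
    # Constant-time comparison against every enrolled device fingerprint.
    known_device = any(hmac.compare_digest(fp, k) for k in entry["devices"])
    ip = ipaddress.ip_address(source_ip)
    known_net = any(ip in ipaddress.ip_network(n) for n in entry["networks"])
    if known_device and known_net:
        return "allow"
    if known_device:
        return "step_up"  # familiar device, unfamiliar IP address
    # Unfamiliar device: deny outright, or evaluate after further authentication.
    return "deny" if strict else "step_up"

# Constructed sample data (hypothetical device and documentation-range addresses).
LAPTOP = {"serial": "SN-CONSTRUCTED-001", "os": "Windows 10", "timezone": "UTC-5"}
REGISTRY = {
    "alice": {"devices": [fingerprint(LAPTOP)], "networks": ["203.0.113.0/24"]},
}

if __name__ == "__main__":
    unknown = dict(LAPTOP, serial="SN-CONSTRUCTED-999")
    print(decide("alice", LAPTOP, "203.0.113.10", REGISTRY))
    print(decide("alice", LAPTOP, "198.51.100.7", REGISTRY))
    print(decide("alice", unknown, "203.0.113.10", REGISTRY, strict=True))
```

Attributes reported by the client can be copied or spoofed, so a matching fingerprint is one signal alongside the user's credentials, not a replacement for them.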

While there are some risks, working remotely can also offer security advantages, according to some experts. For instance, locating files in the cloud, which is an increasingly common practice for dispersed teams, means that “there are no files on a physical laptop which could get lost or hacked into,” InfoStreet CEO Siamak Farah has previously told WebWorkerDaily.

Is your team taking all sensible measures to keep your data secure despite being physically dispersed?

Photo courtesy Flickr user Trevor Blake