By identifying the issues with mobile working, SMBs can ensure that they provide a modern office environment without having to compromise on data security.

By Terry Hearn

In recent years, there has been a dramatic shift in the shape of the typical office dynamic. A changing attitude towards mobile working has seen it become part of the new normal, and it shows no signs of slowing down. By 2022, the global workforce is expected to reach the point where it is 42.5% mobile.

Advancements in technology and increased use of cloud services mean that it is no longer essential for a company’s workforce to operate from under the same roof. This can have many benefits for small businesses. From reduced overheads and less need for a large office space, to the ability to hire based on skills rather than regionality.

It is also a change that has become fundamental to how millennials like to work. Avast Business’ Mobile Workforce Report revealed that it is now considered so important that more than half of workers would choose the ability to work remotely over a 16% pay rise.

While there are certainly many benefits for SMBs and employees alike, increases in mobile working also brings with it a number of risks. For example, while the physical office might be secured with firewalls and antivirus software, there is no guarantee that level of security will be maintained when company data is accessed outside the office environment.

Increased use of personal devices

With work and personal life becoming increasingly entwined, employees working remotely are likely to be using personal devices more than ever before. There are certainly many benefits, with 49% saying they are more productive with their own devices, but using personal devices can increase the risk of the device itself being lost or stolen and give no control over whether the device is patched, updated and secure.

For this reason, SMBs should provide training to make sure employees are aware of the risks and implement a bring your own device policy. This should both provide security standards that employees should adhere to when working remotely, but also commit to regular training and providing endpoint security solutions to ensure the data is protected from both viruses and human error.

The risks of a mobile workforce

Free, public WiFi is certainly convenient for catching up on the news when on a train or in a coffee shop, but is not a safe option for work. In most cases, free networks are unsecured, meaning that any information sent or received while connected could potentially be accessed by hackers. This could put sensitive documents, user accounts and client information at risk.

As part of a mobile working policy, SMBs should warn staff to never use public WiFi for any activity that requires a secure connection. If a public network is the only option, then a virtual private network, or VPN, should be used to encrypt the data that is being transferred. Many VPN services provide apps for mobile use that are as simple to use as flicking a switch.

A lack of security training

It is common knowledge that many people persist with weak passwords or use the same ones over multiple personal accounts. Until the worst happens, convenience often outweighs the risks of a data breach. However, SMBs are not in a position to take such risks.

To prevent breaches, all staff should be required to create strong, unique passwords for all of their business accounts, using password managers to store them. Not only do many password managers provide secure encryption, but they will also generate new passwords when required, meaning that staff are more secure and only have to remember one password.

Two-factor authentication (2FA) is another very simple step that will further protect accounts. If hackers were to get hold of a password, they would still require another piece of information – often a single-use code sent directly to the user’s mobile device – to access the account. While it is not always switched on as default, 2FA is increasingly common and should be used wherever it is available.

Building a risk-aware strategy

While staff can be trained and human errors reduced, there will still remain the risk of a mistake occurring, so SMBs should always prepare for the worst. Planning ahead with a clear response strategy will make it easier to manage and minimize the damage that an attack could have, not just in terms of downtime and finances, but wider reputation. This strategy should also include regular backups of sensitive data to lessen the damage that could be caused by a ransomware attack.

For the modern workplace to remain secure, security has to become a part of the company culture and the responsibility of everyone, at all levels of the company, who has access to the office network. By establishing a holistic approach to security, including software, training and best practices, SMBs will be in a stronger position to identify and resolve potential risks while also having a clear plan of action for dealing with an attack.

Terry Hearn is a professional cyber security researcher and copywriter, who works alongside a number of international endpoint security brands writing about small business antivirus, cyber security, IoT and the mobile workforce.

Mobile workforce stock photo by wavebreakmedia/Shutterstock