Security And Security Awareness For Distributed Teams

View all blog posts under Articles

The concept of a distributed workforce is one that many companies have adopted as standard operating procedure over the last 5 to 10 years. In fact, remote collaboration and distributed teams are so popular right now that a Remote Working Summit takes place annually in Dallas (attendees are encouraged to participate remotely).

Corporations are now looking for talent beyond their local communities, which allows for a greater degree of selectivity in the hiring process. Large companies can fill positions according to a specific list of qualifications, not having to compromise job requirements due to a potentially inadequate local talent pool.

Small companies can also benefit from distributed teams. A startup business in a small office can expand aggressively by hiring remote workers without potential increased overhead expenses, such as moving everyone into a larger office.

Despite the obvious benefits, remote working is not without its problems. Aspiring leaders and upper-level management would be wise to educate themselves about the benefits, risks, and various security approaches to maintaining a distributed workforce. An executive MBA program can expose students to the knowledge and solutions they will need to both utilize remote workers and ensure that the security of the company is not compromised.

The Risks Of Remote Working

The most popular type of service used to facilitate collaboration between distributed team members is SaaS (Software as a Service). Examples of SaaS include Slack, Google Docs, Tango, Dropbox, and Trello. Unfortunately, the risk of security breaches with these types of services is very high.

In 2016, Slack experienced a security issue when hackers hacked into confidential business communications

“The problem occurs because developers are not separating credentials from their code properly, meaning that anyone with malicious intent could easily search GitHub and potentially exploit a token with wide access to snoop on sensitive conversations happening inside a company,” explains award-winning security blogger Graham Cluley in his Tripwire.com article, “Slack Security Practices Could Lead to Hackers Eavesdropping on Corporate Internal Chat Systems.”

The fix for this breach required providing proper training to developers who post their code repositories to GitHub. Company executives also had to change procedures to ensure that credentials were no longer shared along with code on public repositories.

Strengthening The Human Element

As illustrated by the Slack example, a system is only as secure as the people using it. Most security breaches arise due to human error or ignorance. Laptop computers can be stolen, mobile devices can be lost, and employees who don’t realize they are compromising security can inadvertently share confidential information.

The onus of proper security practices falls upon human resources departments to institute security-training programs. Proper training should familiarize employees with possible security breaches as well as the methods used by hackers to secure information from unsuspecting victims.

“HR can help an organization create a work environment that empowers employees to use new technology efficiently while not sacrificing the safety and security of their or your organization’s data,” states tech company training expert Paxton Hehmeyer in his 2016 post, “Why Data Security Is An HR Initiative.”

“Changing practices, beliefs, and attitudes about data security needs to be a priority for all companies.”

A distributed workforce amplifies SaaS security dangers. So, even though remote workers are out of sight, a competent executive simply cannot afford to leave them out of the purview of the company’s training program.

Defend Against The Technical Dangers

Proper training combined with IT security measures can make for the most secure distributed workforce possible.

“If you want to have a remote worker program you need to consider some key points,” says global security advocate Dave Lewis in his 2015 article, “The Problem With Remote Workers” in Forbes.

“You need to have a clear policy on teleworking. You need to implement basic security measures for laptops such as full disk encryption, malicious software protection, VPN, firewall, content filtering, strong authentication and authentication measures, patching and monitoring.”

Security measures that company executives should consider implementing to ensure their distributed workforce is secure include:

1. Investing In Security – Data security is of the utmost importance where distributed teams are employed. Using cloud-based solutions, when available, can be beneficial because the security at cloud server farms is extensive and constantly maintained to high standards and up-to-date threats.

“You should always utilize a virtual private network (VPN) to access information when working offsite,” legal writer Pem Guerry writes of law firm data security in his article, “Why Remote Security Is A Must.”

“Housing your firm’s VPN in the cloud can minimize the need for local hardware and provides another layer of protection by creating a secure connection for continuing work outside the traditional office.”

2. Enabling Proper Configuration – A company’s IT department has the painstaking task of configuring employee devices to be secure. The process may be tedious with company-owned equipment, but is an absolute must with BYOD (Bring Your Own Device) scenarios where employees use their own equipment to accomplish remote work.

“Security misconfiguration is very critical with multi-tenancy where each tenant [user] has their own security configurations that may conflict with each other leading to security holes,” Mohammed Al Morsy, et al, explain in their paper, “An Analysis Of The Cloud Computing Security Problem,” presented at the 2010 APSEC Cloud Workshop in Sydney, Australia. “It is mostly recommended to depend on cloud provider security controls to enforce and manage security in a consistent, dynamic and robust way.”

3. Implementing Awareness Training – Remote workers must receive ongoing education in proper security procedures. If employees are going to access confidential company files and communication channels remotely, they must be comfortable taking the necessary steps to secure their connection.

“It’s essential to treat your security awareness program as a communication exercise,” says IT security expert Thor Olavsrud in his 2016 post “How To Craft A Security Awareness Program That Works” on CIO.com.

“Partnering with the [company’s] training organization or the marketing organization [can be done] to most effectively get the awareness training across.”

Executive leadership is effective when it understands both the benefits and the risks of distributed teams. The benefits are undeniable and the risks can be handled by devoting human resource training programs to ongoing security education for all employees, especially remote workers.

Washington State University’s Executive MBA Program

Washington State University offers an online Executive MBA Program that provides students with the knowledge, skills, and training that can bolster their candidacy for positions in corporate leadership. Coursework includes managerial leadership and productivity, organizational design, management of innovation, and more.

Sources:

• Slack Security Practices Could Lead to Hackers Eavesdropping on Corporate Internal Chat Systems – https://www.tripwire.com/state-of-security/featured/slack-security-practices-lead-hackers/
• Why Data Security Is An HR Initiative – http://www.thelawinsider.com/media/legaltech-media/why-data-security-is-an-hr-initiative/
• The Problem With Remote Workers – https://www.forbes.com/sites/davelewis/2015/03/31/the-problem-with-remote-workers/#1d534985554f
• Why Remote Security Is a Must – http://www.lawtechnologytoday.org/2017/01/why-remote-security-is-a-must/
• An Analysis Of The Cloud Computing Security Problem – https://www.cs.auckland.ac.nz/~john-g/papers/cloud2010_1.pdf
• How To Craft A Security Awareness Program That Works – http://www.cio.com/article/3076228/security/how-to-craft-a-security-awareness-program-that-works.html