Get All Access for $5/mo

Is Working Remote or Working From an Office More Secure? It's not a simple question, but the answer might surprise you.

By Sam Curry Edited by Jessica Thomas

Opinions expressed by Entrepreneur contributors are their own.

Maskot | Getty Images

Pre-crisis, most assumed the reason we didn't work from home en masse was because we didn't know how to or that it would take too much investment. We now know that's simply not true. A fully remote workforce is possible and probably has been for awhile. However, it does require a shift in IT structure, cultural norms and business and security practices. As business leaders across the country grapple with the same question — Do we return to the office or maintain remote work? — security is an important component of that discussion.

Related: How to Protect Your Small Business From Cyber Attacks Right Now

This massive, forced work-from-home experiment has highlighted two important points. First, most businesses can seamlessly operate without being tethered to a physical location. Many businesses actually experienced an uptick in productivity from this migration even if macroeconomic conditions limited the results. And second, while securing teleworkers is different than securing an office, it is certainly possible. In fact, it could be argued that if done right, a work-from-home or even a work-from-anywhere setup is even more secure than an office environment. It all boils down to what security measures an organization is taking.

Should your business be contemplating a fully remote workforce, a la Twitter or Square, here's what you'll need to make that environment secure:

Non-work device protection

This is an area that often goes unaddressed in securing a work-from-home environment. Employer-issued devices, such as laptops or mobile phones, are top of mind. But employees often have several devices in their homes that create vulnerabilities for a network. Home devices such as Amazon's Alexa or Google Home, for example, are constantly recording conversations and could be an entry point for bad actors. Wireless printers are another example of a point of vulnerability. So is the shared home WiFi and the family iPad. This is not to say that employees can't own such devices, but rather a business must include them in its security protocol to create the most secure environment for its enterprise.

Related: 6 Cyber Threats You Can't Afford to Ignore

Mobile security

Now more than ever the workforce is relying heavily on their mobile devices. They of course have played an important role in work execution for the last decade at least, but the role has expanded exponentially in the last few months. It's now sometimes an employee's main work device — the portal through which they read emails, edit PowerPoints and perhaps even access and write code.

Because of this, mobile device security is even more pertinent. It isn't solved by simply bringing the right solution to the phone. Businesses should consider four levels of security here: the chip set and stack (or hardware), which is typically secured by the manufacturer but is in need of improvement; mobile device management (MDM), mobile application management (MAM) or enterprise mobility management (EMM); classic controls such as strong authentication, antivirus and patching level; and finally, endpoint detection and response, and general monitoring for advanced attacks.

Related: 5 Types of Business Data Hackers Can't Wait to Get Their Hands On

An internet cafe mindset

Internet cafes were built on the idea that most people can meet all their digital needs without having a dedicated space or personal equipment. The same mantra should hold true for today's businesses. Business processes can no longer be connected to a physical location. Instead, build an "internet cafe" for your employees so they can work from anywhere, including their homes.

To avoid such attacks and ensure the login process is secure, make the authentication process central to your security setup. This is achieved with a few tactics. First, each endpoint (laptop, mobile device, Wi-Fi connection, etc.) must stand for itself, be self-reliant and have the needed security controls all by itself. Second, access to sensitive services must go through clear and designated gates. There should be no "open ports" from any segment in the network directly to any sensitive service or component. Third, do not rely on centralized network controls, and fourth, services should be un-meshed. This means every service has to be well-defined, understood, filterable, etc. And finally, management from everywhere must be possible. Security and management services should be applicable no matter where the endpoint is.

Related: Why You Should Be Using a VPN If You're Running Your Company From Home

As a final word of advice, be leery of the phrase "the new normal." We will only really know what the new normal is when the crisis is in the rearview mirror for a while. Just because the work-from-home trend has taken hold so quickly right now and is possible doesn't necessarily mean it's here to stay. The real reasons we didn't do it sooner, just like choosing to not get on airplanes or finally having a paperless office, are not clear and are deeply rooted in corporate cultures and behaviors. As an analogy, World War II, for example, plunged women into the workforce at the highest rates in history. At the time, we predicted this drastic shift in the workforce was going to be the new norm. But women's participation in the labor force remained nearly stagnant for a decade after the war. It wasn't until the 1960s that the rate at which women were working began to increase, which continues to the present day.

The same pattern could hold true for working from home: The practice might be a long-term trend or short-term progress that doesn't stick post-crisis. Either way, enterprises must be secured and devices protected for employees to be productive and successful, and we owe it to ourselves to remove IT and security concerns from the ability to just work-from-home or work-from-anywhere when the new normal finally does arrive.

Sam Curry

Chief Security Officer at Cybereason

Sam Curry is CSO at Cybereason. He is a security visionary and thought leader and has been interviewed by dozens of journalists, has published broadly and has talked in media on security trends, threats and the impact of "cyber" on us all.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business Solutions

Get Down to Business with Lifetime Access to Microsoft Office 2021 for Mac for 70% Off

Unlock essential Office tools with a one-time purchase — ideal for entrepreneurs and professionals looking to streamline their workflow.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Looking for a Remote Job? Here Are the Most In-Demand Skills to Have on Your Resume, According to Employers.

Employers are looking for interpersonal skills like teamwork as well as specific coding skills.

Franchise

The Top 10 Coffee Franchises in 2024

From a classic cup of joe to a creamy latte, grab your favorite mug and get ready to brew up success with the best coffee franchises.

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.