COVID-19: Secured Remote Hiring, Working, And Dismissing

How to prepare for all three

O brave new world, That has such people in't! – Shakespeare, The Tempest (V, i)

You’ve never met any of these people face to face. You are hiring them, working with them, and dismissing them remotely. While this happened less frequently in the pre-COVID-19 world, it’s the forced norm in the during-COVID-19 world.
 

When it’s “over,” we expect that while many people will go back to work onsite, the work-from-home contingent will be much larger than it was before.

Hiring And Onboarding

When you’ve found that ideal candidate, it’s time to bring them “on board.”

At the office, their devices would be subject to highly secure systems with extensive controls, including multi-factor authentication, separation of duties, identity access management, secure communications infrastructure, etc.

Working from home, much of that goes out the window. Even employees (who may be impersonated or victims of phishing) who have access to the VPNs (which might be compromised) are connecting via home Wi-Fi networks (which might also be compromised) and may be using their own computers or mobile devices (which, again, may be compromised).

You cannot send an IT person to each new hire’s house to secure their network infrastructure. Even if you ship them a preconfigured, secure corporate laptop, your employee is still most likely working in a nest of insecurity.

The main vulnerabilities are the same in any home – IoT devices give threat actors easy access to the home network; the home Wi-Fi router may still have the admin/1234 username and password from the manufacturer or be exposed to more sophisticated takeovers; the home computer and personal devices may have already been hacked and/or have weak passwords; and, of course, the human factor remains vulnerable but is now even greater. The mass of employees joining the remote workforce in haste are less aware of the necessary cautionary steps and never went through your usual corporate training.

Furthermore, your employee already has a mobile device that he will probably be using as the main point of contact for fellow employees and customers. Bring your own device (BYOD) strengthens employee productivity while giving employees the opportunity to work wherever they want, whenever they want.

However, it increases the organization’s security risk by putting corporate apps and data onto employees’ personal devices – if the device is hacked, lost or stolen, it could be accessed by threat actors. Compromised mobile devices or communications also means voice calls and text messages may be recorded by a third party.

BYOD specifically brings the following risks:

1. Security – if devices, which have access to the organization, are lost or stolen, someone else can access the corporate network and/or data.
2. Privacy – there is no separation between the employee’s personal and work life and data.
3. Customer relationships – Customers become used to calling their sales or technical reps on their personal numbers. When those employees leave the organization, in many cases to competitors, the customers often automatically go with them.
4. Reputation – With one device, employees may accidentally send inappropriate images or content to customers or colleagues, or send sensitive business information to private contacts and groups, when using WhatsApp or other popular messaging solutions.

The best practices for BYOD are to find a balance between corporate security and employee privacy; and work and personal lives; protecting the company’s reputation and customer base; and allowing delivery of exceptional client service.

Working Securely

Mobile device management (MDM) is critical for managing BYOD/BYOC - if the employee is using her own computer as well. Organizations must secure any device that can access the corporate network. MDM allows the company to choose what applications and data can be accessible on the employees’ personal mobile devices.

The ideal MDM will provide complete corporate control over its workspace, strengthening security, smoothing communication coordination and easing management of BYOD/BYOC. It is manufacturer-, OS-, and model-agnostic, allowing for complete control without interfering with the “personal” side of the devices. It allows employees to go “virtual.” Employers can manage a digital work phone that ensures that the organizations maintain control over their own data while employees maintain control over their own personal digital spaces.

It reduces security and IT costs with the ability to remotely wipe, backup, and restore entire workspaces, apps, and settings and migrate them from one device to another with a click; this ensures company data stays within the organization, even if devices are lost or stolen and upon employee separation. It completely protects the workspace while siloing off the “personal” part of the device.

By streamlining security and operations, it centrally manages and tightly controls and secures all mobile workspaces with automated deployment, provisioning, policy management, app delivery, and updates. The solution should have complete containerization and built-in enterprise-class security. The end-to-end workspace integrated unified communication platform needs to support any device or OS.

Furthermore, the ideal MDM solution creates complete, separate silos between the corporate and personal using different runtime environments and phone lines. It minimizes risk by shutting down workspaces in case of device theft or loss to protect corporate data without affecting the employees’ personal data. The solution delivers complete cloud-based disaster recovery. The easy-to-use management console allows the creation and enforcement of different settings, all with comprehensive monitoring.

Traditional approaches to managing BYOD rely on mobile device management systems, which cover the entire device – personal and corporate. That means, the employees’ private activities can be tracked and monitored and employees can lose all her personal contacts and photos if the device needs to be wiped out if it is lost, stolen, or hacked.

The ideal BYOD situation strengthens corporate security and management while ensuring that the personal and private are kept separately.

Saying Goodbye

We already live in a device-agnostic world. Any screen can deliver the information we seek, be it mobile, laptop, or smart TV. No matter what the future will hold, though, comprehensive security and separation between the work and the personal will still be critical. The best approach will be siloed, where our corporate workspaces and unified communications are kept completely separate from any personal activities on a single device. This will allow businesses to secure their proprietary information and applications while ensuring employees have complete freedom to operate as they choose on their “side” of the connectivity.

Whether that remote employee works for you for two days, two months, or two years, at some point, she’ll move on. If you’ve chosen your MDM and security solution wisely, you’ll be able to completely wipe out the corporate applications and phone numbers from her mobile device and personal computer without affecting any of her own data.

And you will confidently hire her replacement, knowing that you already have the security infrastructure in place to protect the organization and the employee from threat actors and cats who walk across keyboards and change data.

Tzachi Zack is Co-Founder and Chief Product Officer of Cubed Mobile.  Visit www.cubedmobile.com Connect Tzachi Zack