Get All Access for $5/mo

How to Maintain Security When Employees Work Remotely Tips for preventing data leaks from remote workers' devices.

By Riva Richmond

Opinions expressed by Entrepreneur contributors are their own.

Thanks to significant advances in networking and mobile technologies, more people are working less and less from the office. Increasingly, we work from client locations, hotels, home offices and sometimes even from summertime beach cabanas.

This unprecedented ability work from anywhere has enabled companies to keep the best employees, regardless of where they may live, and swelled the ranks of "virtual" companies, whose employees meet constantly online, but rarely in the flesh.

But as computing infrastructures become more diffused and decentralized, keeping machines and data secure becomes more challenging. All those far-flung devices can become infected with malware that may also infiltrate the company's network and make off with valuable company data. Mobile devices also are susceptible to data leaks because they can be lost or stolen, as well as more easily accessed by an outsider. When data disappears, financial, legal and reputational problems can quickly follow.

Here are guidelines on how to tighten security, while leaving workers free to roam:

Protect remote users' devices.
Most data-stealing malware that infects PCs arrives via the web and email. In an ideal situation, you'd reduce the chances of a security breach by barring personal web browsing and emailing by workers on work computers, says Alan Paller, director of research at the SANS Institute, a non-profit that trains computer-security professionals.

Of course, even if you provide and own the devices in question, that could be a tall order. "Unfortunately, in practice, it's a very hard thing and a very costly thing to enforce," says Jon Ramsey, chief technology officer at Dell SecureWorks, the security-services unit of Dell Inc. "Ultimately, we want the machine to be able to go anywhere and still be protected."

To reduce the chances of a malware infection, use security software and practice good computer hygiene by using the latest versions of all applications and installing new security patches immediately. It's risky to rely on workers to take care of updating applications, so activate automatic updates from software makers or use a patch-management tool -- such as Windows Intune for Windows users ($11 per user per month) -- to distribute updates to remote computers yourself.

To mitigate potential damage from a lost device, install whole-disk encryption software, which can keep unauthorized people from accessing any of its data. Also, install remote-wipe apps on mobile devices so you can erase data if the device is gone forever.

Related: Three Low-Cost Ways to Keep Data Safe When Traveling for Business

Use cloud applications.
By using web-based applications to handle business tasks, a small business can let its employees work from any location, while handing off most data-security responsibility to cloud-service providers who are often better equipped and staffed to lock it down.

For instance, Microsoft Office 365 lets users access office applications and email, calendars and file-sharing tools using computers, the web and mobile devices (plans range from $4 to $20 per user per month). Many small companies use Google Apps for office applications (free for up to 10 users, $5 or $10 per month for more users). There are cloud applications for more specialized tasks, too, such as Salesforce.com (plans range from $5 to $250 per user per month) for customer relationship management.

Note that it's vital that your employees -- and especially your administrator -- use strong passwords for their accounts and refrain from reusing passwords they use for other applications or sites, says John Pescatore, an analyst for Gartner Inc., a research firm based in Stamford, Conn. If the application offers an authentication option that's stronger than a simple password, use it. For example, Google offers free "2-step verification," a second one-time code you must enter that's sent to your mobile phone.

You can even use cloud applications to secure employees' use of the web. Such services are available from companies such as Zscaler ($1 to $5 per user per month) and Cicso's ScanSafe (starting at $32 per user per year for 25 to 199 users).

There are, however, some privacy issues associated with working in the cloud. For instance, your cloud provider could comply with subpoenas for your data that you might have chosen to fight.

Related: 3 Tips for Keeping Data Safe in the Cloud (Infographic)

Create a secure connection to the company network.
You could also set up a system to provide remote workers with secure access to your corporate network.

Traditional systems include technologies like virtual private network (VPN) software, which encrypts remote workers' internet traffic, along with tools that make sure remote computers have security patches installed, are configured correctly and are monitored for signs of infection. For example, Dell SecureWorks offers "unified threat management" systems to small companies using technology from Dell's SonicWALL unit or Fortinet (starts at $150 a month).

Many small companies ensconced in the Windows world use Microsoft's Windows Small Business Server to enable remote network access and protect data, among other things (SBS 2011 Essentials, $545, 25-user maximum). The software giant recently announced a new version due out this year called Windows Server 2012 Essentials that's more cloud-centric ($425, 25-user maximum).

Those less committed to Windows might consider products such as Cisco AnyConnect (about $11 per user per year for 25 to 199 users) or Juniper's Juno Pulse ($90 per user for 500 users, $135 per user for 100 users, plus hardware), Pescatore says.

Related: Why You Might Need to Rethink Your Internet Security -- Now

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Marketing

9 Key Tips to Help You Get the Most Out of Your Link-Building Efforts

Here's a quick guide that will help you identify the scams and get the best value for your money.

Business News

Daniel Lubetzky Took Kind Snacks From Idea to $5 Billion. Here's His Best Advice For Anyone Who Wants to Start a Business.

In an interview with Entrepreneur, Kind Snacks founder Daniel Lubetzky tells aspiring business owners not to follow someone else's path to success — even his.

Business News

JPMorgan Chase CEO Jamie Dimon Isn't Worried About AI Taking Over Jobs — Here's Why

Dimon said AI was part of the next wave of tech innovation.

Growing a Business

How to Build Effective Collaborative Business Relationships — Your Step-by-Step Guide

Use this structured framework to form successful partnerships, manage risks and create lasting value for all stakeholders involved.

Marketing

Free Webinar | November 20: How to Avoid 3 Costly and Common Marketing Mistakes

Join our webinar on 11/20 with author and business coach Darcy Juarez to learn simple, budget-friendly marketing strategies that will attract clients and grow your business fast. Register now!

Business Plans

How to Master Your Strategic Planning As You Prepare Your Business for 2025

Here's how to best think about strategic planning, communication rhythms and maintaining alignment for consistent growth as you plan for next year.