Is Working Remote or Working From an Office More Secure? It's not a simple question, but the answer might surprise you.

By Sam Curry

Opinions expressed by Entrepreneur contributors are their own.

Maskot | Getty Images

Pre-crisis, most assumed the reason we didn't work from home en masse was because we didn't know how to or that it would take too much investment. We now know that's simply not true. A fully remote workforce is possible and probably has been for awhile. However, it does require a shift in IT structure, cultural norms and business and security practices. As business leaders across the country grapple with the same question — Do we return to the office or maintain remote work? — security is an important component of that discussion.

Related: How to Protect Your Small Business From Cyber Attacks Right Now

This massive, forced work-from-home experiment has highlighted two important points. First, most businesses can seamlessly operate without being tethered to a physical location. Many businesses actually experienced an uptick in productivity from this migration even if macroeconomic conditions limited the results. And second, while securing teleworkers is different than securing an office, it is certainly possible. In fact, it could be argued that if done right, a work-from-home or even a work-from-anywhere setup is even more secure than an office environment. It all boils down to what security measures an organization is taking.

Should your business be contemplating a fully remote workforce, a la Twitter or Square, here's what you'll need to make that environment secure:

Non-work device protection

This is an area that often goes unaddressed in securing a work-from-home environment. Employer-issued devices, such as laptops or mobile phones, are top of mind. But employees often have several devices in their homes that create vulnerabilities for a network. Home devices such as Amazon's Alexa or Google Home, for example, are constantly recording conversations and could be an entry point for bad actors. Wireless printers are another example of a point of vulnerability. So is the shared home WiFi and the family iPad. This is not to say that employees can't own such devices, but rather a business must include them in its security protocol to create the most secure environment for its enterprise.

Related: 6 Cyber Threats You Can't Afford to Ignore

Mobile security

Now more than ever the workforce is relying heavily on their mobile devices. They of course have played an important role in work execution for the last decade at least, but the role has expanded exponentially in the last few months. It's now sometimes an employee's main work device — the portal through which they read emails, edit PowerPoints and perhaps even access and write code.

Because of this, mobile device security is even more pertinent. It isn't solved by simply bringing the right solution to the phone. Businesses should consider four levels of security here: the chip set and stack (or hardware), which is typically secured by the manufacturer but is in need of improvement; mobile device management (MDM), mobile application management (MAM) or enterprise mobility management (EMM); classic controls such as strong authentication, antivirus and patching level; and finally, endpoint detection and response, and general monitoring for advanced attacks.

Related: 5 Types of Business Data Hackers Can't Wait to Get Their Hands On

An internet cafe mindset

Internet cafes were built on the idea that most people can meet all their digital needs without having a dedicated space or personal equipment. The same mantra should hold true for today's businesses. Business processes can no longer be connected to a physical location. Instead, build an "internet cafe" for your employees so they can work from anywhere, including their homes.

To avoid such attacks and ensure the login process is secure, make the authentication process central to your security setup. This is achieved with a few tactics. First, each endpoint (laptop, mobile device, Wi-Fi connection, etc.) must stand for itself, be self-reliant and have the needed security controls all by itself. Second, access to sensitive services must go through clear and designated gates. There should be no "open ports" from any segment in the network directly to any sensitive service or component. Third, do not rely on centralized network controls, and fourth, services should be un-meshed. This means every service has to be well-defined, understood, filterable, etc. And finally, management from everywhere must be possible. Security and management services should be applicable no matter where the endpoint is.

Related: Why You Should Be Using a VPN If You're Running Your Company From Home

As a final word of advice, be leery of the phrase "the new normal." We will only really know what the new normal is when the crisis is in the rearview mirror for a while. Just because the work-from-home trend has taken hold so quickly right now and is possible doesn't necessarily mean it's here to stay. The real reasons we didn't do it sooner, just like choosing to not get on airplanes or finally having a paperless office, are not clear and are deeply rooted in corporate cultures and behaviors. As an analogy, World War II, for example, plunged women into the workforce at the highest rates in history. At the time, we predicted this drastic shift in the workforce was going to be the new norm. But women's participation in the labor force remained nearly stagnant for a decade after the war. It wasn't until the 1960s that the rate at which women were working began to increase, which continues to the present day.

The same pattern could hold true for working from home: The practice might be a long-term trend or short-term progress that doesn't stick post-crisis. Either way, enterprises must be secured and devices protected for employees to be productive and successful, and we owe it to ourselves to remove IT and security concerns from the ability to just work-from-home or work-from-anywhere when the new normal finally does arrive.

Wavy Line
Sam Curry

Chief Security Officer at Cybereason

Sam Curry is CSO at Cybereason. He is a security visionary and thought leader and has been interviewed by dozens of journalists, has published broadly and has talked in media on security trends, threats and the impact of "cyber" on us all.

Editor's Pick

'Catastrophic': Here's What You Should Know About the Debt Ceiling Crisis — And How a Default Could Impact Your Business
I Helped Grow 4 Unicorns Over 10 Years That Generated $18 Billion in Online Revenues. Here's What I've Learned.
Want to Break Bad Habits and Supercharge Your Business? Use This Technique.
Don't Have Any Clients But Need Customer Testimonials? Follow These 3 Tricks To Boost Your Rep.
Why Are Some Wines More Expensive Than Others? A Top Winemaker Gives a Full-Bodied Explanation.

Related Topics


The Real Reason Why The Return to Office Movement is Failing is Revealed in New Study

There is a vivid sign of the disconnect between employees and their workplace, a glaring indication that companies need to revise their scripts to improve their hybrid and remote work policies.

Business News

7 of the 10 Most Expensive Cities to Live in the U.S. Are in One State

A new report by U.S. News found that San Diego is the most expensive city to live in for 2023-2024, followed by Los Angeles. New York City didn't even rank in the top 10.

Money & Finance

3 Ways to Create Multiple (Big) Streams of Income

Here are three ways to create multiple streams of income. These strategies require effort and resources but offer significant financial potential.


'That '70s Show' Star Convicted on Two Counts of Rape. He 'Drugged' His Victims.

Danny Masterson was accused of forcibly raping three women at different times between 2001 and 2003. The jury reached a verdict on two counts but was deadlocked on the third.


12 Good Reasons to Explain Why You Left a Job During an Interview

Not sure what to say when asked why you left your last job? Check out these reasons so that you have a great answer on your next interview.

Business News

Raccoon Adorably Orders A Donut From Dunkin' Drive Thru: 'Little Gentleman'

The hilarious clip has garnered over 21.3 million views on TikTok.