The Rise and Risks of Telecommuters: How to Control Shadow IT


iStock_000042317270_LargeThis past winter has been one of the worst in recent years for winter storms; even that feels like a bit of an understatement. The amount of snow that parts of the East Coast has seen this season is reaching staggering levels; some are reporting a total snowfall of just over 16 feet. What does this spell? Road closures, school closures, flight delays and cancellations. Work doesn’t cease; employees just have to change tactics (and location). In these instances, it’s best to resort to telecommuting.

Telecommuting is not just simply about being able to work from home; it also includes being able to work on-site with a client or while travelling. While the last two seem common place, it’s the former, those working at their residence that has seen a significant uptake. According to a study from ZDNet, 24 percent of American workers telecommute at least part-time each week.

According to an Accountemps survey, 36 percent of CFOs surveyed indicated that the number of remote work opportunities increased over the last three years. In 2014, the Society for Human Resource Management conducted a survey of its 275,000 HR professional members. What they found was:

  • Telecommuting of any type is offered by 59 percent of respondents
  • Telecommuting on an ad-hoc basis (illness, personal issues, weather, etc.) increased from 45 percent in 2009 to 54 percent in 2014
  • Part-time telecommuting is offered by 29 percent
  • Full time telecommuting is available from 20 percent of respondents.

The Insecurity of Home Offices

Now telecommuting isn’t without security risk, mind you; more often than not a home is far less secure than an office, and may be more inviting to intruders. Employee practices can present a risk as well. An unsecured workspace could welcome curious visitors or family members. A child playing office could leak some private documents by accident. An adult sharing the same PC as the telecommuter could accidently install malware or delete crucial data.

Shadow IT – the use of non-IT-department-approved software, apps and hardware – is not a new concept; employees around the world may have implemented some form of it for fun or to get things done faster. They are both a source of productivity and concern. Potentially unsecure cloud storage solutions assist in transferring delicate files outside of the company, or private conversations take place over an external instant messaging program. These can lead to data breaches or a tangled, convoluted web of systems that have no way of being properly managed.

The telecommuter unfortunately poses an even greater Shadow IT risk, as they may be more inclined to take matter into their own hands, given their isolation. To avoid problems, companies need to ask these questions of its telecommuting employees in order to manage them:

  1. What company-provided equipment and tools will the employee need?
  2. Is there a safe, designated workspace?
  3. Is there an established means and time for communication?
  4. What happens when the telecommuter is terminated?
  5. How will data be secured?

4 Necessary Items in Your Telecommuting Policy

Secure communication must never be overlooked when planning out how the home space will connect to the office space. If not, one is simply punching holes in a corporate computer network, risking the loss of data and intellectual property from outside the office walls. Organizations should look at taking the following steps:

  • A way to encrypt data transferred between telecommuter and a corporate network (e.g. VPN).
  • A robust authentication procedure to help prevent hackers from gaining access, even over a personal or public network (e.g. two-factor authentication).
  • Employ an “acceptable use policy” in regards to company-issued devices that the telecommuter will be using. This should include downloading of personal data (media, applications, etc). Personal files and applications should not be trusted and need to be seen as potential attack vectors.
  • Limit access to unauthorized SaaS applications, such as cloud services, VoIP and IM

It’s easy for an employee to employ third-party applications as workarounds when outside of the office. However, they may unknowingly cause an absolute security nightmare. Regardless if they are at the office or on their couch, security needs to be crucial, adaptable and easily managed.

Enterprise Identity by BlackBerry can uphold the potential of telecommuters without sacrificing their security and productivity. By enabling a federated identity and single sign-on for each employee, access to cloud-based applications is still as easy as before, but now controlled and fully secured. Enterprise Identity by BlackBerry provides cross-platform access and employee account management both before and after their employment. Just as positions and duties can vary between employees, so can the degree of access they possess when taking both internal and external applications into consideration. It’s about having the right access to the right data and the right time. IT managers keep a strong grip on visibility so they can see which files go where in order to better understand why.

VPN Authentication by BlackBerry can also play a role in maintaining secure access to private data, as it provides a means to use existing mobile devices as a replacement to one-time password tokens. Its two-factor authentication based on Public Key Infrastructure allows companies to do away with costly one-time password hardware and support.

Standard telecommuting aside, what about those employees unexpectedly hit by snowstorm or the flu? Work doesn’t cease, even if they left their laptop at work. Individuals can still be productive with BlackBerry Blend installed on their PC and their mobile device. It allows remote access into work resources such as files, email and cloud-based apps, while protecting security – even with a personal computer or tablet.

Telecommuting is not slowing down, and the security needed to support it is just as critical. With that in mind, it’s necessary to employ a robust enterprise mobility management solution to cover any type of remote worker and still protect corporate assets.

About Jeff Gadway

I'm the head of product and brand marketing for BBM. This means I work with our engineers, product managers, growth hackers and marketing communications team to create and communicate the magic of BBM. Off the clock, I'm a dog lover, coffee enthusiast and love helping start-ups with marketing stuff.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus