In my last article, I described how working from home is transforming American industry and jobs. This is no idle claim. Millennials are now the single largest demographic group in the US labor force, and they have very different expectations regarding the flexibility an employer should offer its employees.
In addition to changing employee expectations, there are several business and social drivers making it more attractive for employers to hire using a work at home (WAH) strategy:
- Most work at home employees report higher productivity and reduced stress levels
- Employers can access a much larger labor force with a deeper pool of talent and highly specialized skills
- Studies have shown work-at-home employees are more engaged with their job and employer
With 45 percent of the American workforce now spending much, or all, of their time working from home, C-suite executives are beginning to recognize the benefits. Yet despite the long list of benefits, one of the primary concerns for every business contemplating a work-at-home employment strategy is always security.
During the course of the past twenty years, technological advances have literally transformed our ability to not only recruit, hire, and train remote employees, but also to keep those employees and the business environment safe and secure. When properly integrated, the following five tactics can help to ensure your remote workers are as secure as their brick-and-mortar counterparts. These strategies focus on creating a secure work-at-home environment for customer-engagement agents, but these security principles can be applied to other industries or types of remote-work models.
1. Ensure you are PCI compliant. The Payment Card Industry Data Security Standard applies to companies of any size that accept credit-card payments. You need to plan how your IT system securely stores customer information, how you will protect that data from any security breach, and how your firewall can allow secure remote access. The industry best-practice security standards fall into 12 major areas, so this provides a comprehensive security framework that should be your baseline.
2. Use multi-factor authentication or biometrics for access. Multi-factor authentication (MFA) is commonly used to ensure that only authorized users can access a controlled system. The simple way to think about it is “something the user knows, and something they have”. They already “know” something, as a typical system will ask the user to log in using their password, but it will then prompt for information that needs to be retrieved from an additional device, the “something they have”, such as a numeric key fob or thin client device. The user can only log in by correctly passing through both levels of authentication. Given the low cost today of biometric-scanning devices for fingerprints, palm prints, or eyes (retina scans), it is also feasible to consider biometric tests in addition to passwords. Remote workers should never be able to access your system just because they know a username and password.
3. Insulate personal or financial information with automation. You can protect both your customer and your employees by using automated systems to handle personal financial information, for example, when taking payment from a customer. The human agent can pass the customer over to an automated IVR system (Interactive Voice Response) at the time payment card details are required with the customer returning to the agent once the card has been processed. Automating the capture of financial or personal information ensures that the agent never hears or has access to this information.
4. Lock down the PC desktop. Your remote workers will be using standard PC equipment connected to the Internet, but certain minimum standards will be required in addition to basic protection such as an anti-virus firewall. All non-business functionality will need to be locked down and unavailable when the system is being used for your business. This means that functionality such as printing the screen or saving data to the hard drive must be disabled. Virtual Desktop Infrastructure (VDI) applications are sophisticated tools that allow a secure environment to be created. By harnessing these tools and only allowing remote employees access from a locked and controlled cloud system, you will create a more secure environment.
5. Encrypt those calls. In their day-to-day life, most people are already using end-to-end encryption when they send messages using apps such as WhatsApp or Skype. Any communication undertaken by your remote workers needs to utilize similar levels of encryption, so if their connection is hacked, then it will be impossible to make sense of the data transfer — only the sender and receiver will have the key to the encrypted communication stream.
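To make tactic 2 concrete, here is an added example (not from the original article) of a login check that requires both the password and the current code from a numeric fob, using the standard TOTP algorithm (RFC 6238) and rejecting a code that has already been used. The record layout, the `enroll` and `login` names, and the sample password and salt are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for, the common TOTP default

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the number a fob or phone app displays."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enroll(password: str, secret: bytes, salt: bytes) -> dict:
    """Hypothetical user record: password hash, fob secret, last accepted step."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": secret, "last_counter": -1}

def login(rec: dict, password: str, code: str, now: int, window: int = 1) -> bool:
    """Grant access only if BOTH factors pass; each code is accepted once."""
    pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw_hash"])
    current = now // STEP
    matched = None
    # Check neighbouring time steps too, to tolerate clock drift on the fob.
    for c in range(max(0, current - window), current + window + 1):
        expected = totp(rec["secret"], c * STEP)
        if c > rec["last_counter"] and hmac.compare_digest(expected.encode(), code.encode()):
            matched = c
    if pw_ok and matched is not None:
        rec["last_counter"] = matched            # block replay of an observed code
        return True
    return False

if __name__ == "__main__":
    # Constructed sample: RFC 6238 test secret, made-up password and salt.
    user = enroll("correct horse", b"12345678901234567890", b"constructed-salt")
    print(login(user, "correct horse", totp(user["secret"], 59), 59))    # both factors
    print(login(user, "correct horse", totp(user["secret"], 59), 59))    # replayed code
    print(login(user, "correct horse", "000000", 1111111109, window=0))  # password only
```

In production the fob secret and password hash would live in a protected credential store, and failed attempts would be rate-limited and logged.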
Creating a culture of security by offering training to your remote team is also extremely important, because the team may spot attempted security breaches even before your security team does. This security-first culture combined with the approach I have outlined in these simple measures addresses the three most significant security challenges that any work-at-home model has to contend with:
- The desktop: controlling the desktop so that the agent has no opportunity to record any personal customer information
- The network: eliminating the chance of access to the system via a hacked network
- Personal data: payment shielding so detailed personal information is never shared — even if a rogue agent takes a job with the intention of stealing data, they will not have access to any personal payment information
Finally, never lose sight of the fact that vetting your work talent in advance is a crucial step. Ultimately, many companies that haven’t yet employed a work-at-home business model may find they need to do so to gain a competitive advantage. The advantage of being able to access an enormous talent pool filled with highly skilled people is a distinct business differentiator in a knowledge economy. By following these five steps, you can ensure that your remote team, whatever function they perform, is just as secure as your onsite employees.