The telecommuting population is growing rapidly with about 3.7 million Americans already working from home these days. Further, in the UK, 58% professionals who were surveyed stated that they were looking to work remotely this year to improve their travel schedule (commuting to work can take as much as 90 minutes). Although it’s a global phenomenon, it’s the US that’s going to see the most growth in the remote working space as 50% of the workforce is expected to be working remotely by 2020.
We can safely assume that technology companies will be leading the way forward because of the following reasons:
- It’s a growing industry with more startups established than any other sector
- There is a shortage of highly skilled developers and it can be extremely expensive to hire tech talent in certain locations
- Tech support and web development can be completely executed online
So you can bet more software developers will be working remotely from homes, cafes, and co-working spaces for years to come. Not only will it significantly reduce overhead costs for employers, it will also better suit millennials in the workforce.
Further, development teams that function remotely can be highly productive and efficient, but there is one question that keeps popping up. How do you keep your remote software development team safe and secure? Here are five tips that can help keep your development team and company safe.
- Take Extra Steps to Keep Remote Devices Secure
When remote developers are connecting to your systems, they will be doing so with their own hardware and software. So it will be near impossible to see or control how they make that connection.
Although highly unlikely, there is also a chance that they might be working with outdated tools. Further, their systems might also be laden with un-patched vulnerabilities.
In addition, you might have to deal with their laptop being stolen from a cafe or even their home. So if they have saved passwords in browser caches or cookies, your company will be vulnerable. As enterprises embrace remote workers, it’s important that they also take steps to maintain integrity. There're a couple of things employers can do to keep systems secure. The most preferred way is for employers to issue devices for the developers to work on (and forget about BYOD practices which can be a bummer for many remote employees).
Cyber-attacks are most likely to target network vulnerabilities or personnel vulnerabilities, usually through social engineering. Make sure your in-house IT team (sysadmins in particular) is well aware of what equipment is being used to access company networks remotely, and how to continually keep those devices as safe as possible. If your remote talent uses more than just a laptop to access your company systems, make sure your IT department keeps track of all devices and dictates how they should be configured to interact with your corporate information as safely as possible.
The next best thing is to go with optimum implementation. This means that you should configure their devices to closely resemble the setup that employees might expect from office-based computers. Further, you also need to make sure that the employee can’t change the settings or add a new user. Since you’re going to be dealing with software developers, this can be a challenge (as they might find ways around it).
- Set Up a Secure Virtual Private Network (VPN)
You really don’t know where your team members will be working from, it can be a cafe, gym, or even a hotel. So you’re not going to know how secure networks they use are going to be. By setting up a VPN, you can ensure that they connect via your own network on their machine while making sure that no one can get passed the security that has been deployed.
But not every business will have the financial muscle to provide each developer with a new machine, VPN access, etc. So if you’re a startup that is just getting things going on a shoestring budget, what would you do to get around this problem? Two-factor verification can help!
- Set Up Two-Factor Verification
If you’re going to let them use their own devices to connect to your system, make sure that their accounts are protected with two-factor authentication. This extra layer of security where the developer’s smartphone will be sent a qualifying code will provide another barrier against unauthorized use. This is pretty easy to set up and can become the norm very quickly.
- Use Cloud Solutions
When your remote IT workforce uses Cloud-based apps, you automatically make your Cloud service providers accountable and responsible for your data security. When you migrate data to the Cloud, it'll be stored on an off-site server that's supposed to be highly secure. As a result, your remote team can access required information regardless of their geolocation and the chance is high that this information will ever be compromised.
You can take even greater advantage of the Cloud ecosystem by basing all of your cyber security measures on Cloud protection. Yet, Cloud-based systems won't likely protect your remote employees against phishing and malware, so consider developing additional layers of protection beyond Cloud (e.g. OpenDNS)
- Implement an Encrypted Solution
It’s vital to implement an encrypted solution to enable access by role. This is also important for other employees working on the same system as the software developers (e.g. software testers). A lot of Cloud-based services provide this type of encryption (e.g. Encrypted Cloud or SpiderOak). To keep the system and your development team safe, identify what access each individual requires and limit their access to that alone.
Further, you should also make regular evaluations of the security protocols based on the sensitivity of the data you’re working with. Unlike other business functions, security will continue to be a daily challenge. Even if you implement these policies, your employees might find a way to get around it and this will make your system vulnerable.
Further, some might unknowingly engage in unsafe practices like sending important access files via email. So it’s a good practice to remind your remote staff about security best practices on a regular basis.
Some of the Most Secure Online Collaboration Tools We Use At Intersog With Remote Teams:
- Mitro is a lightweight browser-based password manager that logs your remote employees in to your various websites and corporate systems automatically. It's also open-source, making it more difficult to include backdoors and flaws.
- PGP, or “Pretty Good Privacy", is an open-source encrypted email system that has been tried and tested by the security community and has been recognized as "by far the one and only trusted secure encrypted email system" that works perfectly well with your existing email addresses.
- Ghostery is a tracking tool that can be added to your browser to show you how you're being tracked online and by whom.
- Hotspot Shield that allows our remote specialists to securely browse the Internet with end-to-end encryption in public places, which can often be prime targets for hackers and identity thieves.
- Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations.
- Silent Circle is an encrypted voice calling service that works on all existing cellular networks, and others...
Whether you’re a startup or an established enterprise, the same rules apply. To keep your software development team safe, you really have to keep your whole organization safe!