Staying secure outside the office
Your corporate network might be locked down more securely than Fort Knox, but that doesn’t mean your remote working and road warrior employees are so well protected
The biggest revolution in the last decade has been how powerful portable computing devices, ubiquitous internet connectivity and cloud services have radically increased our freedom to work where and when we please. Now, instead of having to stay late or go in at weekends to meet that looming deadline, we can work wherever we find ourselves to be. We are no longer umbilically tied to the office.
But there has been an aspect to this improvement in work-life balance that often goes overlooked: security. When employees and their computers are physically concentrated inside a fixed space, the IT department can bring all its skills to bear to keep business data secure. The internal network can be protected from the external internet by a potent firewall; client computers can have a known software image installed and admin access restricted so nothing else can be installed; antivirus and antimalware can be mandatory; even printers can have firmware hardened against external attack, so they can’t become beachheads into the internal network.
Although almost no day goes by without a new corporate data breach being revealed, most companies have a good handle on keeping their traditional on-premise business IT provision secure. But the same can not be said about those times when employees escape the office to work at home, in transit, or in a public place like a co-working space or coffee shop. The IT manager has far less control over employee behaviour and device usage in these situations.
A lot of the focus on security revolves around the vulnerability of the software used itself. But some of the most effective methods for circumnavigating this security are much less technical than breaking encryption, guessing a password by brute force or finding a weakness in the underlying code. If you’re using a notebook in a public place, a data thief can simply look over your shoulder as you type in a password, reading the login text as it appears on your screen, and taking note of the keys you press for your password. This is a process called “shoulder surfing, and if they then manage to steal your device they can gain access, or they could get into your online accounts.
There are other ways where data thieves can take advantage of human nature and habits. For example, there is hotspot cloning. This is where a second, illicit Wi-Fi hotspot is positioned near a genuine one, for example at a coffee shop, and given the same SSID but no password. Unsuspecting users of the genuine hotspot may accidentally join the illicit Wi-Fi without realising, and then all their internet traffic will be passing through this instead. Any unencrypted data traffic can then be snooped for useful titbits such as logins and passwords. This kind of problem can be alleviated by training your employees to recognise specific attacks like this, and ensuring an encrypted Virtual Private Network is used for all communications back to the internal corporate network.
But providing your employees with a device that includes special provisions to help prevent these kinds of compromise can go a long way towards combatting many of the key dangers. HP’s EliteBook x360, for example, has the option of HP’s Sure View Integrated Privacy Screen. During normal activities, the x360’s screen is a regular IPS panel with pin-sharp detail and great viewing angles. But enable Sure View and the angle of view will suddenly be cut down to about ten degrees in either direction – essentially just the person sitting directly in front of the screen.
The great thing about Sure View compared to the third-party add-ons that are available is that you don’t need to attach anything to your screen, and you can easily turn it off and on at the touch of a button. This means you can have a bright screen with wide angle of view when you want one for presentations or sharing data at a meeting, but quickly restrict the angle when you need privacy in a public place.
The HP EliteBook x360 has another (literally) handy security feature for public usage – a built-in fingerprint reader. A shoulder surfer is not going to be able to snoop on your fingerprint if you use this as your primary login via Windows Hello. This can also be harnessed so that your fingerprint unlocks passwords for other services, encrypted documents and websites. If the main storage of your notebook is protected by encryption, a thief will not be able to get access without your fingerprint. HP’s EliteBook x360 also incorporates a Trusted Platform Module (TPM) chip so encryption keys are kept on dedicated hardware rather than the main storage drive, providing a much more secure platform overall.
Losing a mobile device isn’t just a disaster when a thief can get into it; there is also the value of the data itself. If the only copy of your data is on the mobile device that has just been taken, even when the device remains inaccessible you have lost potentially irreplaceable information, costing time and money. This is another aspect of mobile working that can be partially combatted by staff training, so that they regularly keep backups of their important data. However, if you make it company policy to keep data on a cloud storage system such as Google Drive, Microsoft OneDrive or Dropbox, with the contents merely synchronised with a local drive for use, losing the copy of data on that device is not a mission critical failure. A new device with access to the same cloud storage account will get you back up and running again with scarcely a hiccup, apart from the time taken to transfer data back to the local device.
Of course, a whole further can of worms is opened by the continuing trend towards Bring Your Own Device (BYOD), where employees can use portable computing devices such as smartphones and laptops they have purchased themselves for work activities. But that’s another story, and if you give them company-supplied devices that they enjoy using, they are far less likely to feel the need to supplement these with their own hardware. By providing a powerful and flexible mobile computing device with plenty of built-in security, you can make sure their work outside the office is as safe as when they’re on premises.
Intel, the Intel Logo, Intel Inside, Intel Core, and Core Inside are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.