December 1, 2022

Secure device offboarding starts with secure onboarding

The Great Resignation shows no signs of abating, with 20% of workers globally planning to quit their jobs this year. This is alarming not only from a hiring and culture perspective, but also from a security perspective. Departing employees present a significant data exposure risk, intensified by the new remote-first/hybrid landscape.

It’s no surprise, then, that 98% of business leaders have cybersecurity concerns about high employee turnover — specifically, Insider Risk. Insider risk describes any data exposure event (whether intentional or unintentional) that originates within the business, including departing employees.

The top concerns for business leaders are around the use and visibility of personal devices. More than half (55%) of employees admit to using personal devices for work at least occasionally. For example, 71% of business leaders are concerned about departing employees keeping sensitive data on their personal devices and/or in cloud storage.

The same proportion (71%) of business leaders also say they lack visibility into what data departing employees pass on to other companies, which can be particularly concerning if employees are transferring to competitors.

Tips for Securely Offboarding Remote Employee Devices

Not all organizations can afford an in-house security operations team, but every organization should implement basic data protection measures to minimize security risks when employees depart.

It is important to note that a secure device offboarding process does not begin at the time of offboarding. Steps taken even before a device is deployed to a remote employee can help mitigate security risks later.

Here are three simple steps you can take to ensure a secure device offboarding process for remote employees.

#1 Provide every worker with a company device (avoid BYOD models)

The easiest way to mitigate the use of personal devices is to simply provide devices to workers.

Bring Your Own Device (BYOD) policies give the illusion of saving businesses money on device purchases. But the average cost of a data breach is estimated at $4.35 million. As more than half of IT professionals believe that using personal devices increases the likelihood of a security breach, these cost savings could be financially detrimental in the long run.

Deploying devices for remote workers has never been easier, thanks to the rise of home office management solutions since the onset of the pandemic.

#2 Pre-configure devices before deployment

If employees set up their work devices themselves, they can use their personal Google or Apple ID to sign in to apps. This exposes your organization to data theft.

Unless you have security measures in place to prevent this, personal logins will sync data to the cloud for all devices linked to that employee’s account. Thus, your employee can download sensitive data to their personal device using their personal ID and retain this data after leaving your organization.

If you pre-configure devices before deployment, you can not only create user accounts for your employees to prevent the use of personal logins, but also install security policies on the device to minimize other security breach risks.

#3 Choose a device management provider that allows restricting USB usage, software installation and more

Mobile Device Management (MDM) or Unified Endpoint Management (UEM) systems allow you to remotely monitor, secure and manage your devices. Make sure your provider offers the following features to limit security risks when offboarding:

USB Usage Restriction

Organizations can easily audit emails and other online tools. But USB drives and other portable storage devices are essentially blind spots for IT and security teams, especially when employee devices leave company offices.

Unless their use is restricted, employees can quickly and easily store sensitive data (including emails, contact lists, databases, and more) on these devices, and keep this information long after they leave.

Make sure your MDM makes it easy to restrict the use of USB devices — including flash drives, USB cameras, and thumb drives — on all company devices.

Prevent the use of unauthorized apps

Shadow IT – when employees use computer systems, devices, applications, etc. without IT’s knowledge or approval – has crept onto the radars of IT security teams with the rise of remote working.

Many organizations create lists of allowed applications without putting measures in place to prevent the use of unauthorized applications. However, allowing employees to download whatever apps they like increases the risk of data leaks (e.g. employees transferring sensitive work data via WhatsApp), malware infecting your devices, etc.

Minimize these risks by limiting download capabilities through your MDM.

Ability to remotely lock or wipe device data

If your employees use their devices away from your offices, it’s essential that you can remotely wipe and/or lock those devices. The reasons for this go beyond offboarding. A laptop is stolen every 53 seconds and a lost work laptop is estimated to cost a business over $49,000.

Offboarding remote employees isn’t as simple as asking them to clear their desks and leave their work devices behind. An employee keeps their work device until you can retrieve it, which can take weeks if they’re in a hard-to-reach area or communication is slow.

If you have the ability to remotely wipe your devices, you can wipe company data as soon as your employee’s contract is terminated.

About the Author: Sami Bouremoum is the CEO of Hofy. Prior to founding Hofy, Sami led growth management and territory expansion at Samsara (an a16z unicorn), working on logistical and operational issues associated with scaling teams across geographies. Sami also worked at Bain in management consultancy and holds a PhD in Computer Science from University College London.