Telecommuting is a popular perk for developers. Many people appreciate being able to do their job without having to travel to work every day. Hiring managers and other decision makers also like how telecommuting removes the geographic limitations of physical offices, making it possible to find talent outside of the local job market.
However, despite the benefits of remote work, it can pose additional security risks for developers and their employers. Following some best practices can significantly reduce them.
1. Require remote developers to meet deployment standards
On-site developers typically work in environments with many built-in security safeguards. For example, the office network is secure, as are the computers that developers use every day. IT teams also usually have management processes in place so that all desktops, laptops or other devices always have the latest security updates and operating systems.
These realities mean that developer offices have layers of security that stop hackers and address potential vulnerabilities. However, the remote developer workspace is a relatively less controlled environment. Many of these professionals use unsecured networks and their home computers. It is then much more challenging to identify and resolve potential security flaws.
A practical alternative is to mandate that developers can only work remotely if their computers and networks meet minimum security standards. Company-provided equipment can help achieve this goal, along with requiring remote developers to access their workplace via VPNs.
A related tip is to establish remote device management rules. People won’t have to update their device software themselves — it will happen automatically in the background.
2. Take time for cybersecurity training
One of the potential downsides of developers working remotely is that they may miss conversations with colleagues about new security threats or new policies to protect the organization from cyberattacks.
However, managers who reserve time for remote developers to complete periodic training can fill these knowledge gaps. These learning sessions should fit as seamlessly into the workday as possible and cover relevant topics that will help developers do their jobs better. One option is to deliver the education in short sessions and give people time to complete them within their normal working hours.
One program in the UK aimed to encourage developers to feel more motivated to write secure code. However, one discovery was that motivation is not the main problem. Instead, developers needed environments that allowed them to apply what they learned through training and awareness activities.
Managers should create such settings by providing remote developers with training content that they can apply in their daily work. It’s also helpful when developers learn that cybersecurity is a collaborative effort, even when working offsite.
3. Give developers access to immediate support
One survey found that only 20% of workplaces still require employees to come into the office for each shift. Others allow either completely remote or hybrid arrangements. These statistics underscore the need for supervisors to adapt their management strategies to reflect the increasing influence of the remote workforce.
A cybersecurity-focused way to do this is to give remote developers phone numbers, email addresses, or other communication methods they can use for quick support on all things Internet security. If an office worker receives an email that is suspected to be phishing, they can usually reach out to someone at work to get additional feedback or at least report the problem. However, some remote workers may be excluded from such support.
When remote workers lack current cybersecurity resources, they can make bad assumptions or make quick judgments that ultimately put their companies at risk. However, when they can easily report cybersecurity issues or ask related questions, they are less likely to make such mistakes.
However, it is not always possible to contact a member of the cybersecurity team immediately due to time zone differences. In such cases, the next best option is to provide a template for developers to follow when documenting and reporting cybersecurity issues. Additionally, such content should include reminders, such as that developers should always be cautious and never engage in anything that raises their doubts.
4. Implement good password hygiene
Remote work arrangements make verifying that developers are following best practices for setting and using passwords much more of a challenge. However, organizations should consider implementing some parameters to improve the situation.
A popular option is to require people to periodically change their passwords for work-related tools. If someone has to set a new password every few months, it’s much harder for hackers to compromise an account after a credential leak. This is because the password works for a shorter time.
Maintaining the integrity of the security question is a less considered part of password hygiene. Well-chosen security questions and answers should include information that only the account owner knows. However, many viral quizzes on social media ask people questions about their first cars, the names of their kindergarten teachers, or the streets they grew up on. While these may seem like innocent games, it’s easy to see how these quizzes can give cybercriminals the answers they need to pass security checks.
Involve remote developers in cybersecurity decisions
Anyone involved in keeping remote developer workplaces secure should always encourage those professionals to participate and provide feedback on any relevant organizational policies. When people feel heard and respected, they will be more likely to accept and follow through on all expectations and encourage other remote workers to do the same.