In a post-Covid world shaped by talent shortages, high inflation, economic uncertainty and the pressure to accelerate digital investment, small and midsize businesses are facing significant headwinds. Technology enables remote working, and the pandemic has proved that it works. Business leaders who face resourcing challenges are now able to explore a wide range of recruitment options such as outsourcing or offshoring. From entire development teams, to virtual assistants and accounting staff, offshoring opens doors to a wealth of talent. How can you keep offshore staff cyber secure and protect your business?
In most cases, small businesses will be working with a handful of offshore staff as if they are their own (remote) employees, except they’re working from a different country with a different technical infrastructure, regulations and risks. Extending access to your own network via Microsoft Azure is a simple way to centrally control access and mitigate cyber security risks. There are a few strategies that you can choose to implement when it comes to defining your infrastructure to support offshore employees. Let’s take a look at the most popular options:
Providing a secure, pre-configured device
The most secure option is to provide them with a pre-configured device. Your offshoring partner might be able to source it locally and you can build it to your specification remotely using tools such as Windows Autopilot. We recommend this approach if your employee needs to download or test sensitive data on their own device, for example, an IT engineer.
The other route you could take is to follow the same protocols you would have if your business had a policy of BYOD (Bring Your Own Device). This should be adequate for admin staff or researchers. In order to make it secure, you would enrol/register their device on your Azure Active Directory server in the Cloud. Using Microsoft’s Azure Virtual Desktop (AVD), you can give them access to all of the applications they need, safely and with your own configuration. For example, you can lock down access to certain areas and documents, restrict their ability to copy files to their local machine, and restrict where they can print.
You can configure AVD to either display a selection of apps that they choose to access, or you can provide a full-blown remote desktop session which gives them the same experience as a local machine, except that it’s in the Cloud.
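The copy and print restrictions described above can be set on an AVD host pool through its custom RDP properties. The script below is an added example, not code from the original article: the resource group and host pool names are hypothetical, and it assumes the Az.DesktopVirtualization module and an authenticated `Connect-AzAccount` session.

```powershell
#Requires -Modules Az.DesktopVirtualization
# Added example: disable drive, clipboard and printer redirection on an AVD host pool.
# Run Connect-AzAccount first. Both names below are hypothetical placeholders.
$ResourceGroup = 'rg-offshore-avd'
$HostPool      = 'hp-offshore-staff'

# RDP properties that stop data leaving the session host.
$lockdown = [ordered]@{
    'drivestoredirect'  = 's:'    # empty list: no local drives mapped into the session
    'redirectclipboard' = 'i:0'   # no copy/paste between the session and the local machine
    'redirectprinters'  = 'i:0'   # no printing to printers attached to the local machine
}

# Current value has the form "name:type:value;name:type:value;...".
# Parse it so unrelated settings already on the host pool are preserved.
$current = (Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPool).CustomRdpProperty
$merged  = [ordered]@{}
foreach ($entry in ($current -split ';' | Where-Object { $_.Trim() })) {
    $name, $rest = $entry.Trim() -split ':', 2
    $merged[$name.ToLower()] = $rest
}
# Lockdown values override whatever was configured before.
foreach ($key in $lockdown.Keys) { $merged[$key] = $lockdown[$key] }

$newValue = (($merged.GetEnumerator() | ForEach-Object { "$($_.Key):$($_.Value)" }) -join ';') + ';'
Update-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPool `
    -CustomRdpProperty $newValue | Out-Null

# Read the setting back and warn if any lockdown entry did not stick.
$applied = (Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPool).CustomRdpProperty
$appliedEntries = $applied -split ';' | ForEach-Object { $_.Trim() }
foreach ($key in $lockdown.Keys) {
    if ($appliedEntries -notcontains "${key}:$($lockdown[$key])") {
        Write-Warning "Host pool '$HostPool' is missing lockdown setting '$key'"
    }
}
```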
There are a number of security risks you should expect your offshore staffing provider to have mitigated even if your offshore staff have direct access to your network via Microsoft Cloud:
Have you evaluated your offshore staffing provider’s employee screening process? Be as ruthless as you would when screening your own employees. You will want to be confident that your offshoring partner shares your concerns and has implemented robust screening measures. This will reduce the risk of your data being compromised by an underqualified new hire or a malicious insider.
Make sure your offshore staffing partner’s employees are working in a secure network environment with a secure network connection. Many offshore workers access the internet via Wi-Fi, which means that any data transmitted between the offshore team and your in-house team can be intercepted. Using an ‘always on’ VPN environment is more secure. This became a popular strategy during the pandemic when companies weren’t able to assess the security of home internet connections. The security benefits of ‘always on’ VPN include conditional access, device compliance and traffic filtering. An ‘always on’ VPN is configured to start up automatically wherever your user needs access, be that in a remote office, hotel, home or in a coffee shop.
When working with offshore teams, make sure they are provided with sufficient cyber security training. If in doubt, include your offshore staff in your in-house cyber security training.
Password policies such as Multi-Factor Authentication are vital to protect your data from a brute-force attack. Here at Ziptech, we follow the UK Government guidelines.
A lack of encryption will leave your data exposed to interception. Your offshore staffing partner should have robust data encryption methods in place. With Microsoft Azure, you can enforce BitLocker Drive Encryption, which protects devices that have been lost or stolen. If Azure flags up a desktop that is non-compliant, you can create a rule which denies access.
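One way to express the MFA requirement and the "deny non-compliant devices" rule is a Conditional Access policy created through Microsoft Graph PowerShell. This is an added example, not from the original article: the group and account IDs are placeholders, and it assumes a device compliance policy that requires BitLocker is already assigned to the offshore devices.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example: require MFA and a compliant (e.g. BitLocker-encrypted) device
# for offshore staff. IDs below are placeholders to replace with your own values.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

$OffshoreGroupId  = '<object-id-of-offshore-staff-group>'
$BreakGlassUserId = '<object-id-of-emergency-access-account>'

$policy = @{
    displayName = 'Offshore staff: require MFA and compliant device'
    # Report-only first: sign-in logs show who would be blocked before enforcement.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeGroups = @($OffshoreGroupId)
            excludeUsers  = @($BreakGlassUserId)   # avoid locking out the emergency admin
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'AND'                     # both controls must be satisfied
        builtInControls = @('mfa', 'compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Once the report-only results look right, changing `state` to `enabled` enforces the policy.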
Backup and Disaster Recovery
Has your offshore staffing partner got a plan in place should disaster strike? Ask to see documentation and check that it is sufficient for your project’s needs. We use Barracuda Cloud to Cloud as our default provider here at Ziptech. At the time of writing, the retention period for Barracuda Cloud to Cloud is indefinite, so you can go back to the moment in time when you first set it up, should you choose to back up your data forever.
Lack of Office Security
Some countries have stricter data protection laws than others and you will need to mitigate the risks of your data falling into the wrong hands. It sounds simple, but choosing an offshore staffing partner who has invested in physical security is essential. Basic on-site security should be in place, such as access control, CCTV and security guards.