Remote Work Security Tips for Developers
Best practices for remote work security for developers include creating office setup standards, requiring cybersecurity training, providing immediate support, and more.
Join the DZone community and get the full member experience.
Join For FreeRemote working arrangements are popular perks for developers. Many appreciate that they can do their jobs without daily commutes. Hiring managers and other decision-makers also like how remote work removes the geographical limitations of physical offices, making it possible to find talent outside the local job market.
However, despite remote work’s perks, it can pose additional security risks for developers and their employers. Following some best practices can significantly reduce them.
1. Require Remote Developers To Meet Setup Standards
On-site developers usually work in environments with numerous built-in security safeguards. For example, the office network is secure, as are the computers the developers use daily. IT teams also typically have management processes so that all desktops, laptops, or other devices always have the latest security updates and operating systems.
These realities mean developers’ offices have security layers that stop hackers and address potential vulnerabilities. However, a developer’s remote workspace is a comparatively less controlled environment. Many of these professionals use unsecured networks and their home computers. It’s then much more challenging to identify and tackle potential security gaps.
A practical alternative is to mandate that developers can only work remotely if their computers and networks meet minimum security standards. Company-provided equipment can help meet that goal, along with requiring remote developers to access their workplace through VPNs.
A related tip is to establish remote device management policies. People won’t need to update device software themselves — it’ll happen automatically in the background.
2. Set Aside Time for Cybersecurity Training
One possible downside of developers working remotely is that they may miss out on chats with colleagues about emerging security threats or new policies to keep the organization safer from cyberattacks.
However, managers reserving time for remote developers to complete periodic training can fill those knowledge gaps. These learning sessions should fit as seamlessly into the workday as possible and cover relevant topics that will help developers do their jobs better. One possibility is to provide the education in short sessions and allow time for people to complete them within their usual work hours.
One program in the U.K. intended to make developers feel more motivated about writing secure code. However, one finding was that motivation wasn’t the root issue. Rather, developers needed environments that allowed them to apply what they learned through training and awareness-raising activities.
Managers should create such settings by giving remote developers training content they can apply to their daily work. It’s also helpful when developers learn cybersecurity is a group effort, even when working in off-site locations.
3. Provide Developers With Access to Immediate Support
One poll found only 20% of workplaces still require employees to come into offices for every shift. The rest allow either fully remote or hybrid arrangements. That statistic highlights the need for supervisors to adapt their management strategies to reflect the growing influence of remote workforces.
A cybersecurity-focused way to do that is to give remote developers phone numbers, email addresses or other communication methods they can use to get quick support for all things related to internet security. If an office worker receives a suspected phishing email, they can usually contact someone in the workplace to get further feedback or at least report the issue. However, some remote workers can become disconnected from such support.
When remote workers lack immediate cybersecurity resources, they may make poor assumptions or snap judgments that ultimately risk their companies. However, when they can easily report cybersecurity concerns or ask related questions, it’s less likely they’ll make such blunders.
Immediately reaching a cybersecurity team member isn’t always possible due to time zone differences, though. In such cases, the next best option is to provide a template for developers to follow when documenting and reporting cybersecurity issues. Additionally, such content should include reminders, such as that development professionals should always err on the side of caution and never engage with something that arouses their suspicions.
4. Enforce Good Password Hygiene
Remote working arrangements make verifying that developers follow best practices for setting and using passwords much more challenging. However, organizations should consider implementing some parameters to improve the situation.
A popular option is to require people to periodically change their passwords for work-related tools. If someone must set a new password every couple of months, it’s much harder for hackers to compromise the account after a credentials leak. That’s because the password works for a shorter period.
Maintaining security question integrity is a lesser-considered part of password hygiene. Well-chosen security questions and answers should involve information only the account holder knows. However, many viral social media quizzes ask people questions about their first cars, the names of their kindergarten teachers, or the streets on which they grew up. While those may seem like innocent games, it’s easy to see how these quizzes could give cybercriminals the necessary answers to pass security question checks.
Involve Remote Developers in Cybersecurity Decisions
Anyone involved in keeping workplaces secure for remote developers should always encourage those professionals to participate in and give feedback about all relevant organizational policies. When people feel heard and respected, they’ll be more likely to embrace and follow all expectations and encourage other remote workers to do the same.
Opinions expressed by DZone contributors are their own.
Comments