7 Essential Practices for Securing Data With Remote Employees
Since the beginning of the pandemic, over half of all workers reported some level of transition to working from home. As the Covid-19 crisis drags on indefinitely, remote working is becoming the new normal.
There are many benefits from a workforce officing from home: Happier and more productive employees, commute time that can be used instead for family time, reduced company overhead, the list goes on and on.
But the potential security threats that accompany such a shift are significant. From email phishing scams, to using an unsecured WiFi signal at Starbucks, working to secure your company data while your employees work remotely has never been more important. Here are 7 things your firm should implement right away to keep your company and your clients’ data secure.
- Keep work stuff on work computers, and vice versa for personal computers.
Employees may not consider company security policies when at home. For example, employees may allow their children to use corporate laptops to play games. Or, they may be using for work purposes their personal laptops with no tools to secure it.
These activities can lead to a compromise of the device and the connected network. Ideally, all employees should use corporate-provided devices. The company IT department should have security controls in place on these devices such as firewalls, endpoint detection and response, and antivirus software.
If your employees insist on using their own devices, there is a work-around with remote desktops; more on this later.
- Communicate Clearly Expectations to Staff
Don’t be shy about sending out regular memos that clarify and modify company policy on data security best practices. Common, intuitive practices should be constantly reinforced for new hires and workers who lack such technological intuition. Some policies to make absolutely clear:
- Avoid public wifi (use a company hot spot if necessary)
- Never step away from your device, even if it’s to go to the bathroom for 20 seconds, or if you are leaving it in a locked car.
- If you’re in public, avoid positions where someone can see your screen.
- Never use random USB drives, your company IT department should issue cleared ones for staff.
- Do not charge mobile devices off unknown USB ports; instead, use the pluggy guy thingy (that’s the technical term).
- Be a Stickler for Passwords
No groundbreaking information here: Set up standards for employee passwords: One “$”, one number, one capital letter, and one drop of blood. We all know it’s a pain to have such standards, but the added security is worth it.
Also, force staff to change passwords regularly. This may seem to young employees like a waste of time, but one cyber attack later you’ll be wishing you did this sooner.
The most thorough way to maximize security would be to set up multi-factor authentication. Waiting for an authentication code is a step many people would rather not take. However, this one practice is remarkably effective in preventing security breaches. Online banking and university student portals all use multi-factor authentication.
- Set up a VPN
Virtual Private Networks (VPNs) provide three main benefits: They make it possible to access resources remotely that would otherwise be inaccessible from offsite locations, while also encrypting connections, and providing some access control for corporate networks. Setting up a VPN and requiring all remote connections to pass through it is a basic best practice for keeping resources secure when employees work remotely.
That said, it’s important to note that a VPN is not a silver bullet. It mitigates the risks of some types of attacks, such as data sniffing, but it does little to protect against threats like phishing. Plus, it may contain its own set of vulnerabilities exploitable by attackers. Think of a VPN as one layer of defense for remote-access security, but not a complete solution.
- Use Remote Desktops
Even protected, company issued devices can be a liability when floating around outside of the office. One powerful tool keeps all company computers (and company data) in house, and employees can use their own devices to access them.
Remote Desktop software allows staff to access and do all work on their company computer, remotely. They login on their own devices and have full access to their work desktop computer, even when using mobile devices!
Recently updated software uses industry standard encryption, so you can rest assured your data is safe. Requiring all employees to do all work via remote desktop, with multi-factor authentication to log in is an ideal level of security.
I recommend trying Citrix’s remote desktop software, for its intuitive ease of use, security, and reliability.
- Train Staff to Avoid Phishing Attacks
Fraudulent emails purporting to be from reputable companies are a common attempt to gain personal data. And, employees working remotely are especially vulnerable to these scams. Employees clicking on these malicious links can give threat actors access to company access login credentials.
Criminals who specialize in phishing scams lure individuals into providing sensitive information, including banking, credit card and password information. Individuals and businesses lost more than $3.5 billion in 2019 from email phishing scams.
Because the majority of all security breaches come through email scams, if staff receives robust training on what such emails look like, your firm takes a huge cybersecurity step forward.
- Put the Experts on the Job
Your focus should be on the growth of the firm, your IT Crowd can focus on your cybersecurity. They will also advise your employees based on the specific needs of your company. From setting up secure laptops to go home with remote workers, to setting up a VPN, to advising how painfully inconvenient your password policy ought to be, competent IT consultants are your best defense against the myriad of attacks out there.
Questions about anything you’ve read today? WAMS has been providing premium security for hundreds of clients since 1974. If you need more security, or are unhappy with your current IT service provider, request a free security assessment by clicking here. Or give us a call at (800) 421-7151.