COVID-19 social distancing requirements have forced millions of employees to work from home, and this new model could continue even after pandemic restrictions end. When you enable your employees to do their jobs remotely, you’re taking a big step toward keeping your business going during uncertain times. But there are risks involved as well. For example, one important part of this process is making sure employees are keeping your data secure.
Breaches are more likely when employees work remotely as data might get transferred across unsecured connections or employees may lack protections on at-home devices. But you can take some key steps — on your own or with the help of nearshore software development companies like BairesDev — to promote cybersecurity while employees work offsite.
Remote workers operate without standard in-office technical support, so you must provide training to help them understand the importance of cybersecurity and have the knowledge they need to protect your company and themselves. Training should include:
Data breach consequences
Employees are more likely to take cybercrime seriously if they know the full range of potential outcomes, including loss of productivity, financial costs, and a negative impact on the company’s reputation.
How to identify the latest in hacker methods
Teach employees about the latest in fraudulent communication attempts, such as phishing emails that try to trick users into clicking links that install malware or steal information. Specific details of these attacks change frequently, so keep employees updated on what to look for.
What to do in case of a data breach
To ensure you can mitigate damages with a rapid response, create an emergency response team for employees to contact if they recognize a breach has occurred.
Establish a Strong Security Policy
Create a written data security policy and require new and existing employees to review and sign it, whether they’re working remotely or not. The policy should include:
- Reasons for security protocols such as protecting customer privacy and avoiding unnecessary costs
- Company-specific protocols such as password requirements and a data backup plan
- Tools and support for employees such as encryption software and tech assistance
- Additional precautions for remote workers such as rules for at-home devices and internet connections
In addition, implement “context-sensitive” security measures to ensure remote workers only have access to information they need to perform their jobs. Periodically audit account access to reduce the threat of internal security breaches. When anyone leaves their job, remove all access, using data wipes and account suspension.
Make Internet Connections Secure
Wi-Fi networks are a major source of data exposure. Remote workers increase that risk by using vulnerable at-home routers or unsecured public Wi-Fi. You can offer a secure means to connect to company computer systems from offsite locations with a Virtual Private Network (VPN).
A VPN keeps data private through encryption and security protocols, creating a virtual “tunnel” between offsite devices and the company’s network. You can build your own VPN with a network access server and client software installed on devices or select a reliable service provider to create and maintain one for you.
Smartly Manage Passwords
Make sure all remote employees have good password security training. They should be able to:
- Create strong passwords using long phrases and complex characters.
- Use a unique password for each account, rather than the same one everywhere.
- Reset default passwords on in-home routers.
Remote workers can use a password manager to randomly generate and store encrypted passwords, which can be set to periodically remind them to reset their credentials and automatically lock-out idle sessions.
Make sure employees are using two-factor authentication (2FA) whenever possible. This security step adds a layer of redundancy to ensure only authorized users can access accounts. 2FA confirms identify by requiring information beyond a username and password, such as:
- Answers to security questions
- Verification codes sent via phone, text, or email
- Biometrics including fingerprint, voice, or retina recognition
With 2FA, even if the username and password to an account are stolen, hackers will be unlikely to get in. You can also use this method as an alert that someone is trying to access a company account, so you can take additional steps to secure it.
Take Advantage of Security Software
Don’t assume that remote employees’ personal devices have sufficient or active protections installed. To avoid added risks, provide the latest versions of top-level security software, including encryption, firewalls, antivirus, and antimalware, and make sure it stays current by activating automatic updating. The software will need to be compatible with each employee’s devices. You can offer these resources from your internal tech support team or through nearshore development outsourcing.
Create a Backup Plan
Require mandatory backups of important company data, ideally to a cloud-based service such as an Enterprise Content Management (ECM) system. ECMs safely store files and allow secure access from multiple locations and devices. They work through browser-based interfaces or easily installed apps. ECMs are mobile-friendly for phones and tablets, which remote workers often use.
If a cloud-based service isn’t available, employees may use external drives for backups, but be sure they will be stored securely to avoid theft or loss. Discourage the use of USB sticks, as they are often infected with malware.
As your company navigates the current reality of employees working from home, make sure you take smart steps to protect your valuable data and mitigate the added security risks to keep your information and your employees safe.