Modern technology makes it so easy for employees to work remotely that they might be forgiven for assuming it also automatically protects them against security threats. Not so. Especially if they regard security as your responsibility, not theirs. If you want to avoid serious problems, you must establish and implement remote working security best practices right across the business.
1. Put your cyber-security policy to work
It’s surprising just how many organisations still don’t instil in their staff the importance of data security. Employees who don’t work directly with customer data or who operate at a relatively low level within the company may ignore it. You need to set the tone by establishing, publishing and promoting your cybersecurity policy – and requiring all your people to read and sign it, whether they work remotely or not.
The policy needs to explain why cybersecurity is important, give details of the security protocols you expect employees to follow, the support you will provide, and the consequences of not doing the right thing. The bottom line is that protecting company data is everyone’s responsibility.
2. Secure all your internet connections
Unsecured Wi-Fi networks are the most common weak link in data security. Don’t deter your people from escaping the house to their local coffee shop or similar. Everyone needs a break now and again. But, logging on to unprotected Wi-Fi at the gym puts data at risk.
The good news is that there’s a simple solution – you insist that they log on to a virtual private network (VPN) before they use public Wi-Fi. This will encrypt their internet traffic and monitor it for risks. OF course, some VPNs are better than others, so make sure you’re using a solution that covers everything you need.
3. Take passwords seriously
It’s a running joke that, even after all these years, people still use ‘1234’ or ‘password’ or similar, but it’s not funny when you have a data breach. Think about providing password security training to your employees, starting with the basics of how to come up with a strong password and avoiding using the same one every time.
Even better, use a password manager to randomly generate passwords and store them safely. There are many to choose from.
4. Use two-factor authentication
We’re all getting used to two-factor authentication to verify bank transactions, authorise payments and log on to government websites. It’s the process that requires both a username and password and another piece of information, such as a PIN sent to your mobile phone.
This means that even if a password is stolen, the chances of fraud are slim. You might even consider multi-factor authentication, including biometrics such as voice, retina or fingerprint recognition. It’s more complex and expensive, but it may be worth it if you need more security.
5. Use encryption software
It’s vital that any programs used by employees to chat, send emails or share files should be equipped with end-to-end encryption. This is standard practice for many popular applications, but it’s worth checking that people aren’t using any other platforms that are less secure.
While working from home may reduce the chances of an employee’s device being lost or stolen – on public transport, for example – using a public place as a temporary office will certainly increase it. Encryption software can protect company data by preventing unauthorised users from getting access to a device.
6. Install and use security programs
Updates and new versions can be a pain, but there’s no excuse for remote workers to have anything but the latest firewalls, antivirus and anti-malware software on all their devices, including laptops, phones and tablets. You might also consider the option of being able to remotely wipe devices if they go astray.
To make this work, you may have to rethink the way you provide IT support. Some employees may not be confident of their ability to manage this kind of ongoing protection, so you may have to provide step-by-step guidance on the phone – or you might look for local tech support partners, who can offer a convenient face-to-face service.
Final thoughts
Working remotely doesn’t necessarily increase data risk, but it does complicate things a little. The key is education and collective understanding. Once you make best practice the norm, employees will think nothing of following it – and feel reassured that they are doing their bit to protect the security of company data.
