Is your business considering more flexibility for your employees? Are you thinking of allowing remote work for your staff? Everybody else seems to be on it; according to a global survey by International Workplace Group (IWG), 70% of employees across all industries do remote work at least once a week, and the numbers continue to rise. So now you’re eager to jump on the remote work bandwagon. The question is, is your company ready?
The security risks of remote workWith remote work comes the issue of cybersecurity. It is already a daunting task in the office; what more when your employees start working outside the office, using their own devices, and tapping into unsafe Wi-Fi connections? The following are some of the main security risks that remote workers face but may not even be aware of:
- Everything is electronic. With remote work, all your communications are electronic. Even water cooler conversations are online. Anyone who’s ever had an online chat knows that in between work issues, people will also talk about the latest episode of Game of Thrones, indulge in a bit of office gossip, and even share personal information. The sharing of information online makes it vulnerable to leaks and hacks.
- Lack of standard tools and support. Those who do remote work are often not provided with standard equipment and devices. They also may work in places that do not have a secure infrastructure, and IT support may not be readily available to them. And because remote workers are responsible for their own cybersecurity, they may end up working with tools that are different from what your company uses.
- Personal and business mix together. Those who work from home often use the same software and hardware for their personal and work needs. When a device is lost or hacked, the resulting data breach will affect co-workers, clients, the company itself, and the remote worker as well.
- Risky online behavior. Remote workers have no one to police them, so it’s easy for them to engage in risky online behavior, like opening email attachments from unknown or suspicious sources, allowing others to borrow their work devices, using unsafe internet connections, using other personal non-protected devices to access work files, etc.
Best practices for remote workers and their companiesWhile there are many practices to stay secure online, none of them are 100% foolproof. That’s why the more practices listed below that you follow, the more protected you will be. For remote workers
- Use a virtual private network (VPN). It encrypts your data and routes it to an intermediary server; it’s like having a private network while using a public network.
- Always update all your software regularly for the latest protection against known viruses and malware.
- Apply best practices in crafting a strong password.
- The mantra is: “Keep it complex, lengthy, and easy to remember.” Complex is using different characters, symbols, numbers, and capitals. But a complex mix can still be easily hacked by a computer. That’s why you should make them 12 to 15 characters long. The more permutations, the more difficult it is to hack even for a super-fast computer. Here’s an example: #toBe0rNot2b?!
- As an added layer of protection, change your passwords often. The more passwords, the merrier. And don’t use one password for multiple accounts; should hackers get hold of your password, all your accounts are in danger.
- Keep work and personal data separate, preferably on different devices.
- Install FindMyDevice or some similar app on your laptop or mobile devices. You may still be able to recover your device should it be stolen or misplaced.
- Store your data on a secure cloud-based server instead of your hard drive.
- Make use of available security software tools.
- When in public, do not leave your devices unattended. Breaches due to stolen devices have proved to be costly mistakes, especially for the healthcare industry in the past.
- Use a VPN to secure all web traffic coming into your network.
- Update all software regularly.
- Apply best password practices.
- Reduce your points of vulnerability by keeping everything in one place. For example, you can use the cloud for data storage as well as a platform for information exchange and collaboration. That way, you only need to protect your cloud location instead of multiple hard drives and devices.
- Enforce two-factor authentication for everyone in the organization.
- Enforce data encryption on all devices, even employee-owned ones.
- Make clear remote work policies, especially on USB usage and BYOD initiatives.
- Provide tools for remote working, so everyone will have standardized software and, if possible, hardware.
- Create cybersecurity travel policies for employees.