Location flexibility is one of the perks of working remotely. But as telecommuting becomes more of a standard practice, data security becomes more of a concern. From employees using unsecured Wi-Fi networks to workers carrying confidential papers with them to public locations, remote work has added additional levels of security considerations for companies and their data.
According to Shred-It’s 2018 State of the Industry Report, 86% of business executives believe remote workers increase a company’s chances for a data security breach. Company leaders and their employees need to accept equal accountability in doing what they can to protect their company’s information.
To start, leaders should educate employees about data security and how everyone is responsible for protecting it. They also need to initiate certain practices and procedures that will strengthen data security within their businesses. Remote workers must also prioritize data security education and safe practices, then commit to those measures. So what can companies and their remote workers do to protect their data? Here are six ways to get started.
1. Establish a Cybersecurity Policy
The first step in protecting company data is to make sure all employees know that data security is a priority. Believe it or not, some employees today might still not be aware that data security is something they should be concerned about, at both a personal and professional level.
Employees may assume if they are not working directly with customer data, or if they are not operating at an upper level within the company hierarchy, then they simply don’t need to worry about data security. Organizations cannot assume their employees know anything about cybersecurity or their role in it.
The best place to begin is by establishing a cybersecurity policy. Require all new and existing employees to review and sign the policy, regardless of whether they work remotely or not.
The policy document should cover the reasoning behind having a policy in the first place, as well as details outlining all of the various security protocols employees are expected to comply with, how the company will support them in complying (i.e., which tools and resources they will provide), and a place for the employee to sign their commitment to following the policy.
Everyone in the company must take ownership in protecting employer data, and by having an established policy in place, all employees — remote-working or not — will be on the same page as to what the expectations are.
Related Article: Your Riskiest Data Is Often Hiding in Plain Sight
2. Ensure all Internet Connections Are Secure
Using an unsecured Wi-Fi network is the most common way to expose your company to a data security breach. Everyone understands the need to get out of the house every now and then as a remote worker, and the lure of your local coffee shop — with the comradery of other remote workers and your favorite hot beverage — can be the perfect break. The last thing you want to do is forbid employees from working where they feel most energized and motivated. In this case, the remote workers just need to be educated about how to make sure they can keep the company's data secure.
The easiest solution is to require employees to use a virtual private network (VPN). Using VPNs before signing on to public Wi-Fi networks will encrypt the internet traffic of the remote worker and monitor for any signs of infection. Remote workers can still get out of the house when they feel isolated, and companies can ensure their data is secure.
A note of caution: not all VPNs are created equal. To make sure your organization is using the right VPN, verify the VPN you are using covers all of the factors you need it to and not just last-mile encryption. After you decide the standards you want, review the provider's reputation and conduct a cost comparison.
Related Article: How to Improve Support for Remote Workers
3. Keep Passwords Strong and Varied — and Use a Password Manager
Password safety is another relatively easy way to protect your organization’s data. Many people joke about password safety, admitting they use the same password from device to device and program to program, but educating remote workers about password protection is key to securing your company’s data.
Offering password security training can be yet another step in cybersecurity training for employees. Start with the basics of how to keep passwords strong and why it’s so important to not use the same one over and over again.
Another way for organizations and employees to mitigate this risk is by using a password manager that can randomly generate passwords for you and that stores all of your passwords safely. Then employees won’t have the daily struggle of remembering all of their different passwords for different programs and the company data can remain secure and uncompromised.
Related Article: Why You Shouldn't Make Fun of Mark Zuckerberg's Password
4. Rely on Two-Factor Authentication
Many organizations are moving to two-factor authentication (2FA) for their data security management. This method confirms a user’s identity by first requiring a username and password, as well as another piece of information, whether it be an answer to a “secret question” or perhaps a PIN that was sent to their cell phone.
Passwords can often be compromised or stolen, but with 2FA, the chances of someone also having the additional security question’s answer or a PIN is unlikely. This added layer in the security process can provide remote workers and their organizations the peace of mind they need in this digital age, when passwords just aren’t enough anymore.
To take it a step further, companies could move to multi-factor authentication requiring additional verification that might include biometrics like retina, voice or fingerprint recognition. The authentication is definitely more complex — and more expensive — but it could be worth it depending on the level of security an organization needs.
Related Article: Goodbye, Passwords ... Hello, Biometrics
5. Use Encryption Software
Using encryption software is another way companies and their remote workers can protect themselves. If an employee’s device is stolen or lost, the information on that device can find its way into the wrong hands and expose the company to data breaches and vulnerabilities. Encryption software can protect company data by barring access from any unauthorized users of those devices.
Additionally, businesses should be mindful that any programs used for chatting, email or applications should utilize end-to-end encryption. Popular programs like Microsoft Office and Adobe Acrobat, for instance, can easily encrypt files and documents that your remote workers use and share with coworkers.
Related Article: Cybersecurity Demands We Think Globally, Act Locally
6. Don't Forget Firewalls, Antivirus Software and Anti-Malware
Require remote workers to have up-to-date firewalls, antivirus software and anti-malware on all their devices — including cell phones and tablets, in addition to their laptops. Companies might also want to consider having the ability to remotely wipe devices in case they are lost or stolen. Mobile device management platforms can perform most or all of these services, allowing remote workers to continue to use their own devices while ensuring the safety of company data.
This is an example of when a remote worker might need assistance from their employer in making sure their devices have these protections installed. Employees don't all have the same level of technical expertise, so any organization concerned about their data security should be prepared to offer technical support help. This could mean establishing partnerships with local tech support services near their remote workers or building a centralized internal tech support team that can walk employees through the necessary processes.
Remote work does not have to jeopardize data security. Once remote workers are educated and these top cybersecurity procedures are implemented, they can quickly become standard practices that everyone in a company can commit to with ease — and everyone within the organization can feel confident that they are doing all they can do to protect the security of their employer’s data.