Remote working is a popular alternative to a centralized office. The freedom and work-life balance appeals to employees and gives your company an edge over the competition. In fact, 63% of companies have remote workers, which requires them to use technology to store and share information and collaborate on tasks.
However, offsite working could lead to the risk of security incidents and lost or stolen data. An iPass mobile security report found 52% of CIOs worried their mobile workers had been hacked in the last year. Here are 8 steps you can take to safeguard your company data while your team is out of the office.
1. Have a Comprehensive Policy
Policies must clearly outline remote workers’ responsibilities when outside the workplace. Workers should be provided these guidelines and trained on each area. If workers are using personal devices instead of company devices, make policies more detailed and specific. Create a plan for what to do if a device is lost or stolen. Outline what will happen with access to information and equipment if an employee resigns or is terminated. Be sure to follow industry standards if your employees handle sensitive information, such as medical or banking records.
2. Create Digital Safeguards
There are a lot of ways to add an extra layer of digital protection on devices. One of the most popular is accessing the internet through a VPN instead of Wi-Fi. It is especially helpful if all workers connect to one central VPN to ensure a protected network. Add two-factor authentication to strengthen access to programs and files. A company owned password device manager prevents workers from sharing passwords digitally through email or chat. If your budget allows, mobile device management helps monitor devices used outside the workplace.
3. Regulate the Use of Personal Devices
Many companies have a BYOD culture where workers conduct business on their personal devices. This can become a risk if the worker does not take proper security precautions or engages in activities that could compromise company data. Make polices for personal devices clear and use more stringent control than you would with a company owned device. Employees should update passwords at regular intervals and their virus and firewall protection should be up to date. All business related work should be saved to a central location and not a personal drive.
4. Collaborate in a Central Location
Confusion about where to save, store, or share documents and data can lead to careless handling. Save all company-related documents and files in one place, whether that is project management software or a cloud service like Dropbox. This prevents information from being saved onto personal devices. Using digital tools like Slack or video conferencing for regular meetings provides transparency. Microsoft Office 365 has security features that adhere to ISO 27001.
5. Audit Your Processes
Reviewing processes is a great way to minimize risks, especially when your workforce is remote. To begin, conduct an internal audit of core activities related to digital and technological use to identify any gaps. Conduct penetration tests to see if security protocols are weak or could be breached. Close any open routes to data. Review contracts with vendors to ensure your data and information is safe.
6. Encourage Safe Connections
Experts suggest making a “no public WiFi” policy when workers are off-site. Public WiFi is poorly regulated and opens channels to hacking attempts. To protect devices, require workers to have complex passwords. If employees travel, outline how and where employees can connect to the internet. For example, using company approved access points and/or hot spots.
Select Vendors Carefully
Once you enter into a contract with a third-party vendor or supplier, it is often difficult to track how your data will be used. If you are sharing sensitive or proprietary information on a shared software service, you risk it being compromised or sold. Select reputable vendors. Do your due diligence to research companies and read reviews. Our Vendor Vetting article is a great place to start.
8. Train on Digital Literacy
You must be an advocate for digital literacy! Keep up on the latest news about cyber threats. Train employees both remote and on-site to recognize and report any concerns. According to a 2017 Verizon Enterprises study, 81% of hacking-related breaches came from weak or stolen passwords. Teach employees how to create strong passwords to protect data and devices.