4 Tips for Keeping Your Data Secure While Everyone Works From Home
More employees are remote than ever before. Here's how to make sure that doesn't lead to breaches.
Opinions expressed by Entrepreneur contributors are their own.
The COVID-19 pandemic has completely disrupted our normal way of doing things, and this is especially true of how employees go to work. As millions of Americans transition to working from home as part of social-distancing precautions, many analysts are predicting that the impact on where we work will last long after the pandemic ends.
Indeed, remote work has several advantages for employers and employees. Studies have reported greater levels of job satisfaction, less stress and higher productivity. Many employers have given feedback indicating improved retention, while also being able to reduce office expenses.
Of course, despite these opportunities, remote work also presents several challenges — one of the biggest being how to keep work-related information secure when someone is accessing it at home. A survey by Shred-It found that 86 percent of C-suite executives feel that the risk for data breaches is significantly higher with remote work. However, proactively addressing security challenges by following the below steps will enable your team to work remotely without risking compromising your data.
1. Ramp up user-training efforts.
While criminal attacks are responsible for the majority of data breaches, human error is also a significant contributor to digital-security issues. An analysis in Australia found that 36 percent of all such cases were directly attributable to human error.
Phishing emails are one of the most common threats facing employees, tricking them into clicking on fraudulent links that are designed to install malware or steal account information. These hacking attempts can be very intricate, even going so far as to imitate official communications from your company or its partners.
Now that employees are working outside the office, you should make doubly sure that they understand the dangers of phishing and other attacks. Teaching them to identify fraudulent communications will keep many severe breaches from ever becoming an issue.
2. Require two-factor authentication.
Whether a work-issued laptop is stolen or your employee uses the same password for work as they do for another account that has been compromised, there are countless avenues that criminals can use to gain access to employee information — even when your team is using digital-security best practices.
To counteract this, an increasing number of companies are requiring two-factor authentication when employees log in to their accounts. During a recent call with Ryan Lakin, president of IronEdge Group, he explained, "Two-factor authentication adds a layer of redundancy to ensure that only the actual account owner can access their account. A hacker could steal an employee's password, but they probably won't have a phone that receives the verification code. They certainly wouldn't have a fingerprint, which is used in some systems. Adding one extra step to the login process could make all the difference in keeping hackers out."
Two-factor authentication systems can also serve as a type of alert when an unauthorized user is attempting to log in to an account. This will help remote employees know when they need to change their password or contact you about a potential issue.
3. Audit account-access restrictions.
With the bulk of your team working remotely, now is an important time to audit account access-restrictions, particularly if everyone works within the same company dashboard. Information Security Form estimates that 54 percent of company security breaches are caused intentionally by internal actors.
Exploiting proprietary information, giving away account access and other, similar actions could compromise your company's digital data. The more access someone has to your internal dashboards, the greater the threat. As such, you should double-check all user accounts and ensure that remote workers only have access to the information they need to do their job.
In a time when many businesses are laying off employees to keep afloat, you should also be quick to remove account access from anyone who has been let go. Data wipes and account suspension will ensure that an upset employee won't take out their frustration on your company.
4. Provide remote security updates.
While you may have invested in firewalls and other cybersecurity upgrades at the office, your employees may no longer have access to these resources now that they're working from home. When providing company-owned devices, make sure that all firewalls and antivirus software is fully up-to-date. Consider helping employees using their own devices with the installation of such tools.
The use of encryption software can also protect your data while your team is working remotely. This can even be done with programs like Adobe Acrobat or Microsoft Office. Files that are encrypted can only be opened by someone who has the appropriate "key" or passcode. This way, even if a hacker were to intercept a work-related file, they would be unable to open it. Data encryption can even keep someone from accessing files if they were to steal a remote worker's device.
As with general digital-security practices, you must provide training to your employees to help them understand how to best use these resources. This way, security enhancements will not hinder their productivity while working from home.
It is uncertain how long the COVID-19 pandemic will require many people to work from home, but even after the virus subsides, it is quite likely that there will be an increased desire for telecommuting opportunities. By taking steps to keep business data secure when accessed remotely, you can have confidence in your company's future.