The pandemic and lockdowns forced companies to adapt very quickly to new ways of business, not least remote working. But the change wasn’t and, in fact, still isn’t done – some businesses and sectors are more agile than others and were able to adopt the new normal relatively painlessly. Others did not have the same experience and continue to struggle with remote access on many levels.
Either way, this massive shift to remote work has put tremendous pressure on company IT departments, networks, and security. There are two key drivers challenging IT. First and foremost, physical access from these now disconnected environments. Second, introducing access control mechanisms that do not restrict productivity.
Yes, it is true that there are huge technology components that cannot be ignored. After all, cyberthreats are premised on vulnerabilities in software, devices, chipsets, and people's behavior. To make matters worse, the threat landscape is changing so fast, that it makes the saying “shifting goalposts” almost laughable.
The truth is “security is man-made and therefore can be man-broken!”
It Starts With Awareness!
The best data protection mechanisms are worth naught if employees are not made aware of the need for data security. More so for remote workers, who must be made aware of data security policies and procedures in the company. They should also formally commit to those practices and measures.
Employees should be given frequent cyber security training to enhance their awareness and educate them on data protection best practices so that they are not tricked by email phishing. Businesses may even want to conduct cyber-attack simulations to observe how their staff respond.
Balancing Productivity With Security
The truth of the matter is business needs to keep going, employees need to work regardless of where they are forced to or choose to be.
The trick is finding the balance between security and productivity. Of course, compliance cannot be ignored. Some sectors are less-regulated, but all have a responsibility to introduce appropriate data protection methods.
Putting disproportionate data protection security measures into place is almost certainly going to lead to frustration and nervousness amongst employees. Unnecessary blocks or barriers to accessing data will, for sure, result in staff finding workarounds and shortcuts.
Some of the more commonly used shortcuts (keep an eye out for them):
Using free applications to transfer, send or pass on documents
Using free or non-company email solutions
Using their own, undeclared devices
Identifying the use of these free applications for company work is difficult.
Even those third-party, free applications with extensive security measures in place could impact the security of your data. And, they also open the very real possibility of the company falling foul of the regulatory breach.
There is no truly effective way to avoid employees using these applications. Companies should rather place effort into educating staff as to the risks of this behavior.
If staff find data protection mechanisms your company has introduced to be onerous, that is not the same as the mechanisms being simply obstructive. Instead of finding workarounds employees should be encouraged to make their frustrations known.
Setting Access Rules
Starting with zero trust and working outward in concentric access layers is a good approach.
As the data becomes ‘more sensitive’, place more control on the access to it!
Getting Started
But, in terms of protecting data, it is not all doom and gloom. Yes, you need to let the technologists get on with what they do. And, you need to have a good understanding of just what it is they do and trust them. Frequent checkups are a good thing.
Let’s discuss 6 things you can do to improve data security for your business.
Strong Passwords
Many people make jokes about password security, admitting to using the same password from device to device and application to program, training remote workers on password security is critical to protecting your company's data. Start with the fundamentals of password security and why it's critical to repeatedly avoid using the same password.
Another approach for businesses and employees is to use a password manager. Employees won't have to struggle to remember all of their passwords for different programs. Some password managers can even implement password-for-the-day or generate random passwords.
Multi-Factor Authentication
Consider implementing two-factor authentication (2FA). This approach verifies a user's identification by requiring a username and password, as well as an additional piece of information, such as a response to a "secret question" or a PIN delivered to their phone.
Passwords are frequently leaked or stolen, but with 2FA, it's unlikely that thief will also have the answer to the second security question or a PIN. In this digital age, when passwords aren't enough, this extra layer in the security process can give remote workers and their employers the peace of mind they need.
To go even further, businesses might consider implementing multi-factor authentication (MFA), which would need extra verification such as biometrics like retina, voice, or fingerprint recognition. Although the authentication is more complicated and expensive, it may be worthwhile depending on the value your company places on data.
Firewalls, Anti-Virus and Anti-Malware
Ensure all remote workers have:
Up-to-date firewalls
Antivirus software
Anti-malware
The above should be encouraged to be on your staff’s devices, including laptops, desktop computers, cell phones, and tablets. Consider setting up a remote wipe in the event a device is lost or stolen.
Because not all employees have the same degree of technological knowledge, be prepared to provide technical support. This could entail forming agreements with local tech support firms near their remote workers or putting together a centralized internal tech support team that can guide employees through the essential steps.
Ensure Staff Use Secure Internet Connections
Setting a secure connection in your remote workers' homes is relatively simple. Change their home router default passwords as step one. They may not know how; be prepared to support them. Make sure remote workers keep you informed if they change their home connection - maybe they change service providers.
We all enjoy time out of the house, in fact at times, remote workers really need to get out of the house. For whatever reason, remote workers leave the house and decide to work from a local coffee shop or cafe. Make sure they understand the risk of connecting to a public Wi-Fi. It may seem super convenient, but it is also super-risky!
Not allowing remote workers to work where they are most energized and motivated is the last thing you want to do. In this instance, the remote workers need to be educated on how to ensure safe connectivity.
The most straightforward option is to make employees use a virtual private network (VPN) when connecting away from their home connection. Remember not all VPNs are created equal. Spend some time to make sure the VPN you choose is secure and aligns with your access policy.
Good Backups
If all else fails make sure you have good backups of your data! While this topic warrants a series of posts, make sure that if a remote worker does sound the alarm you can isolate the company data quickly.
Employee Awareness
Think of it this way, your people can be company human firewalls. Keeping your remote workers up to date with threats, and how to defend against them is arguably the most powerful protection.
In Closing
Draw up a remote work policy. Some employees, believe it or not, are still unaware that data security is an issue they should be concerned about on both a personal and professional level.
Some employees may feel the policy only applies when in the office or connected directly to the company network.
Everyone in the workplace must take responsibility for securing company data, and by establishing a policy, all employees — whether they work remotely or not — will be on the same page as to what is expected.
Data security does not have to be compromised when working remotely. Once remote workers have been taught and these cybersecurity measures have been adopted, they can rapidly become normal practices that everyone in a firm can embrace — and everyone can feel confident that they are doing everything they can to secure their employer's data.
Are looking to secure your company data? Look no further, contact us before it’s too late!