With the current physical and social distancing mandated to contain the spread of COVID-19, more and more companies are relying on a remote workforce to stay in business. Not surprisingly, information security is – and should be – the number one concern. Here are a few important tips for securing your remote workforce and therefore ensuring that your company’s data and processes are secure.
Risks of Working Remotely
Most of the workforce is familiar with the danger of using an unsecured Wi-Fi network in or outside the home, but there are other risks employees might not watch for:
Use of Personal Devices
In an ideal world, it would be feasible to provide remote employees with company devices with up-to-date antivirus and firewall protections. Many companies do not have this capacity, especially since the necessity of social distancing in recent months grew quite quickly. This means that you may need to rely on your personnel to use their own laptops and smartphones to work from home. Those who are less technologically “savvy” may not be aware of the steps they should take to make sure they have the proper protections in place, or whether their devices have the latest programs and operating systems.
Inadequate Back-Up and Recovery
Office workers who are used to automatic back-up on on-site company computers may not realize their need to stay vigilant about backing up their work regularly — until it’s too late. This is even more likely if they now must use personal computers that they have had around for predominantly entertainment purposes. The inability to recover lost data or work is an inconvenience at best, an expensive disaster at worst.
Many still assume that antivirus programs and firewalls automatically detect and protect against malware. They don’t realize what they are inviting in by falling for clickbait or phishing scams. For those who are worried about job security and consistent remuneration, ads for remote working or freelance side employment may be tempting. They may click on an ad to check out what’s being offered without thinking about the consequences. Folks may be less hesitant to explore these “resources” on their own devices rather than on company property, as well.
Tips to Secure Your Remote Workforce
Providing remote workers with the tools to maintain data security will go a long way in ensuring that your company data and work products are properly safeguarded:
Robust Remote Work Policy
You don’t need your staff to be computer experts, but a little explanation of the potential security hazards will go a long way. Knowledge can really be power if your employees are aware of what risks they will encounter online and what level of protection different protocols and programs provide. Make sure that your remote work policy covers all the bases, including a designated contact person or department to answer any questions employees have about any IT security issue. This way, they are more likely to ask first before clicking a seemingly innocuous link.
Keep Employees Updated
Apart from reminders for remote workers to stay alert for malware, phishing, and other malicious activity, notify them of new scams that have been uncovered. Scams are constantly evolving and proliferating, and it is just easier and safer to let people know what’s out there, rather than to assume they will recognize every inherent security hazard. Better safe than sorry.
Implement Protective Protocol
Instead of relying on individuals to secure complete access on their ends, help them out by putting in a multi-factor authentication process for all staff. This way, you can at least be sure that passwords and sign-in procedures have a minimum level of effectiveness, sophistication, and consistency. Make it clear to all staff what programs and operating systems they will need on their personal devices — including the latest updates for the different brands of tablets and smart phones. Also, encourage them to check out the helpful blog posts Microsoft and others publish.
These days it makes sense to implement a corporate network that has all your desired security features. Using a virtual private network and allowing your network administrator to monitor and if necessary, restrict the use of and access to sensitive data, are important proactive measures to protect your company data and other crucial information. There are a number of endpoint protection platforms, models, and services out there, so you should be able to find one that best fits your needs.
Checklist for Remote Employees
Whether these information security reminders are part of your robust remote work policy, general policy, or a separate document that is sent around or posted, make it a practice to remind all personnel with access to electronic company information to:
Create strong passwords
- Remind them not to use birth dates, personal information, or commonly used passwords. There are numerous lists of unsafe passwords available online. Providing examples of good and bad passwords can be very helpful.
- Install updates when available
- It’s tempting to ignore that notification or to keep clicking the “remind me later” button. Encourage your employees to download the latest operating system and program updates promptly in order to ensure that the more comprehensive versions of protection are on their devices.
Regularly back up work
- Make it clear to your staff just how important it is to pause and back up work at intervals, even if devices and programs have automatic back-up procedures. It is still possible for important work to be lost between the last automatic back-up and the next power outage or computer crash.
Be suspicious and vigilant
- Educate your employees about phishing, malware, and other scams – including “work from home” scams that will undoubtedly crop up – so that they can be extra alert. Remind them that with the privilege of working remotely comes a great responsibility to protect the sensitive information entrusted to them.
Maintain information security practices
- Get employees to confirm whether their devices are used only by them or shared with family or other individuals. Provide instructions on how to set up separate user profiles and set up a password for their profile so that no one can else can access their work. Also, explain how they can set up encryption on the various devices for an extra layer of protection — and how to enable their devices to lock after a certain period of inactivity.
Have any questions or want to know what security services and technology will work best for your company? Softlanding provides professional and managed IT services across many business sectors. Contact us today— we’re happy to help!