These days, remote work is where it’s at. Allowing teams to work from home offers a unique perk with a positive impact on overhead (fewer snacks and drinks to pay for) and employee productivity (no distracting cubicle drop-ins to worry about). And with the growing prevalence of online tools, it’s easier than ever for staff to work efficiently from their favorite spots.
However, the idea of transmitting sensitive data over Wi-Fi or public internet connections makes some business owners uneasy—and for good reason. Employees often don’t take precautions when working outside the office, switching between personal and work computers and sharing documents and files. They don’t log in securely from public places like coffee shops and restaurants, and worst of all, some even send emails to clients and co-workers with their personal accounts!
These blunders can open a business up to hacking, jeopardizing sensitive data and making it difficult to guarantee the security of customers’ information. However, with the right tools and training, you can mitigate some of these risks while still offering employees a desirable benefit. Does your company observe these top remote-work security best practices?
Require employees to connect over VPN
Working over Wi-Fi, particularly public Wi-Fi, exposes data to a number of potential vulnerabilities. After all, anyone connecting to a public hotspot can snoop on those connections with the right tools, and attackers can use packet analyzers to spy on transferred data and steal private logins and passwords. They may even instigate so-called “man-in-the-middle” attacks, eavesdropping on private chats, email and other communications to gain access to secure information. In 2015, a hacker using this technique made off with over $7 million in stolen customer payments—no small potatoes.
VPN connections provide a layer of security against these kinds of hacks. Instead of connecting directly to networks over Wi-Fi, VPN creates a virtual peer-to-peer link between the connecting device and your LAN. This means that all data traveling back and forth is encrypted, so shared resources, logins and conversations stay safe. VPN is also easy to access: Employees simply log in to a VPN client with their name and password. Mandating use of VPN clients is one of the best ways to ensure remote information security, and MyITpros configures networks like these almost every day.
Investigate the security of cloud-based applications
It’s basically impossible to work remotely without the assistance of cloud applications. Online tools allow employees to work on joint projects in real time, communicate using chat or video conferencing, update shared project management tools and perform any number of other collaborative tasks. However, these services also present security issues when employees are allowed to use tools that don’t employ proper protections.
For instance, cloud services should provide secure APIs for customization—and ideally, programs should force multi-factor authentication as well. Data at rest must be encrypted, and accounts that require credit card information should collect this securely, using either encryption or tokenization to authenticate transactions. Most importantly, your IT team should have a handle on all the applications employees are using, as this makes it much easier to root out suspect tools.
Keep applications up to date on any device used by employees
Program updates may seem annoying, but they actually help ensure device protection. Developers often provide patches after a security flaw is discovered, so it’s important to update all software and programs as soon as new releases become available—or face the consequences. For instance, Equifax’s failure to update Apache Struts software is thought to have resulted in the credit bureau’s notorious breach back in September 2017, which caused its stock to plunge nearly $4 billion in the following days.
Obviously, updates are more difficult to handle if you have remote team members on staff, but you can protect yourself by authorizing automatic updates on remote employees’ devices. This is another strength of cloud applications: Tools that are hosted online will automatically roll out updates, taking some of the pressure off your IT team. That may be reason enough to invest in the cloud versions of traditional software such as Office 365 or Adobe Creative Cloud, especially if employees are bringing their own devices to work.
Beyond that, simply training employees on security best practices will go a long way. Teach them how to spot potential phishing scams and explain why they should log in securely. Team members will be more likely to take precautions when they know what’s at stake—and in the world of remote security, knowing is half the battle!