Due to changing work environments (and changing public health protocols), remote work has become a common practice across a variety of industries. Companies that didn’t have any employees working in that manner just a couple of years ago might have a significant number working remotely today.
This new work dynamic creates many opportunities for employees and businesses, with enhanced flexibility and convenience that wasn’t possible previously. But those advantages also come with significant challenges. When an employee works from home or another off-site location, they take sensitive data with them. And as well as that information might be protected within your company, it’s at risk without a comprehensive plan for remote work employees. Cybersecurity is just as important for those workers, and it takes special consideration to make sure that best practices are used throughout the organization.
First and foremost, employees need to be using safe methods of connecting to the internet. Working remotely doesn’t always mean working from anywhere; just logging on to public Wi-Fi at the local coffee shop cannot be a viable option for workers engaging in sensitive communications and accessing proprietary data.
One solution is to use a personal hotspot when working in public. By tying the connection to a dedicated device, such as the user’s cell phone, an employee can avoid public connections entirely. If the organization provides a phone to the worker, it should be simple and efficient to utilize the hotspot feature in a public setting.
If workers need to access network applications remotely, they can protect the data they transmit by utilizing a virtual private network (VPN). VPNs are popular and easy to set up, but they vary widely in price, scope, features, and speed. A large number of remote employees accessing the network simultaneously can slow down production, and some VPNs might not provide the scope and degree of encryption your company needs. Alternately, other encryption services can provide safety and security without the use of a VPN. In those cases, be sure you’re getting end-to-end encryption so all points of communication are protected.
Passwords, 2FA and MFA
Password security is a well-known issue for companies, and it gains even more importance when incorporating remote employees into the workflow. Strong passwords that are varied across devices are essential in any work setting. Employees should understand the importance of good password management, and a password manager might be useful in keeping passwords complicated and random, as well as preventing employees from forgetting them.
Many people are familiar with two-factor authentication (2FA) in different day-to-day activities, such as online banking or accessing health-related information. That same technology can be used to ensure a password isn’t compromised. The second factor can be a pre-determined question, or an access code sent to a cell phone, making it harder to get into a device or network by simply obtaining the current password.
Multi-factor authentication (MFA) takes the concept a step further, adding in voice, fingerprint, or even retinal recognition to authenticate a user. While it’s a complex and expensive system to utilize, it can provide a valuable layer of security (and peace of mind) for companies that deal with information likely to be targeted by external threats.
Different Devices for Different Uses
When an employee works from home, it might seem convenient to use their personal computer to log onto the network or perform work tasks using their own devices. Unfortunately, that decision also complicates cybersecurity measures.
A company device dedicated only to work product ensures that it has all the software and updates the IT department requires for optimal security, including malware and antivirus protection. It also prevents unauthorized devices (like home computers, laptops, or tablets) from entering the network and bringing their own unintentional threats to the ecosystem.
Finally, mandating separate devices means all work product originates from the same set of tools, and there’s no chance that important data could be found (or subsequently lost) on other devices.
Other Remote Work Tips
Employees who work remotely should be aware of critical dos and don’ts to keep devices and data safe:
- Never leave devices unattended or in a car.
- Be aware of your surroundings and utilize privacy screens when necessary.
- Don’t compromise devices with software or thumb drives that haven’t been vetted.
- Don’t charge devices in public outlets without a data blocker.
- Connect hardware to outlets protected from electrical surges and/or power failures.
Each person working remotely is in charge of their workspace and devices. In essence, they have to act as an extension of the IT department and make sure their work product is as protected as it would be in an office setting.
Establish Company Protocols
Companies that are serious about maintaining strong security habits with remote workers should have a uniform policy for everyone, with standards that are easy to understand and implement. A specific training course can be helpful so company policies are presented at one time by the appropriate management. If certain devices are the only ones approved to log onto the network, or “remote work” is confined to dedicated home space, or other tools such as software or hardware are necessary for them to complete their tasks, providing all the information in one session can help provide the framework necessary for effective remote working.