In the comfort of their own home, employees might not think to take the same security precautions they would take in the office. With cyberattacks on the rise since the pandemic started, your employees need to be even more careful as they access company data remotely and use online platforms to share sensitive company information. Here are five tips to tighten up security measures across all the platforms your company is using to work remotely.
Reset company passwords.
Start with running a password audit. Have employees reset passwords they use for work with more strict criteria, and make two-factor authentication a must across all platforms. In creating new passwords, have your employees think about using pass-phrases that replace letters with symbols (“S” with “$” or “A” with “@”). Password managers like 1Password, LastPass, Bitwarden, and Dashlane not only remember but also generate unique passwords for employees. Browsers also have built-in password managers, but if your employees need to work across multiple browsers or devices, those passwords won't sync.
Remember that online word processors aren’t privacy protected.
Online word processors could be one of the best remote-working tools, and they have undoubtedly increased the productivity of teams since the COVID-19 pandemic, but one security blogger reminds us that between the National Security Agency (NSA) and online word processors’ “overreaching terms of service, your files may be open to snooping from both organizations.” There isn’t much that can be done about securing your team’s documents on popular online word processors, but accessing documents through a secure web browser as well as giving your documents misleading file names could help, since there is really no way to secure the privacy of those documents. If your team is looking for more secure options for online word processors, check out this medium article.
Ensure the proper use of work and productivity apps.
You have probably already experienced popular messaging platforms, productivity apps, and hiring platforms that make working from home more effective. Beware of proper on and off boarding of employees or freelancers so they can no longer access company information once their contract ends. Typically, the owner or administrator roles on many of these platforms hold significant responsibility, and it is important that you know who has those roles and what they have access to. Finally, especially with popular work-messaging apps that boast of integrating with over 2000 other apps, make sure you know what information is being shared through third-party integration by checking out their privacy policies.
Secure employee computers, network, and communication.
Assign someone on your team the job of owning the company’s privacy and security. It is important that each employee owns their own security and privacy, but at the end of the day you need a point person who has immersed themselves in securing the company’s data. Besides securing online platforms, make sure this point person is helping employees secure their computers, networks, and communication.
- Secure computers: Make sure your employees' computers are all up to date with security updates, virus checks, and firewalls. If an employee is doing work from a personal computer that might also be used by other family members, make sure each member of the family has their own user login. Supplying company computers to employees working at home could be wise if sensitive information is involved.
- Secure networks: Make sure each employee’s at-home network is password protected. Encourage at-home employees to use a VPN to hide their IP address and location as well as encrypt data transfers. Getting a paid VPN subscription for the whole company will be well worth the money.
- Secure communication: Use encrypted emails, messaging, and video calls.
The number one security measure you can take to equip your team to work securely from home during these uncertain times is to offer training on the security risks related to your company. All employees need basic security knowledge like how to avoid phishing scams, why public Wi-Fi is a risk, how to beware of click-through links—especially when they are on company devices and platforms. They also need to be armed with information on how to operate securely on devices and platforms they are using for work.
Don’t assume your employees are as aware of the security issues that might face your company as you are (or should be). Don’t assume your employees care about privacy as much as you do. Get proactive about protecting the data and privacy of your company by equipping each employee with the right tools to work securely.