The remote and work-from-home trend has been building momentum for some time, but now that coronavirus has become part of our ongoing reality, it’s sped up the trend quite a bit.
Originally in March, companies started moving their employees to work from home because of government-mandated shutdowns of non-essential businesses.
Then, even as businesses were technically allowed to start opening, they decided to keep their employees home for the foreseeable future. Twitter and other tech companies have already announced they won’t be bringing employees back to the office any time soon.
JP Morgan also said recently that they would have employees working on a hybrid schedule, with some time spent in the office and some spent working from home.
With working from home comes the priority of securing all data with modern network security practices and more.
Employers have to think about how they’re going to protect sensitive company information if they haven’t already started, and the following are tips.
Enforce a Secure Connection
One of the most important things you can do as an employer when it comes to protecting data is to enforce a secure connection. Your employees need to understand the risks of not having that in place, and it needs to be something they’re well-trained on.
Ideally, consider having your remote workers use a virtual private network or VPN.
Then you don’t have to worry about your telecommuting workforce accessing company data on an unsecured public connection or their private computer.
You might also, at the same time think about setting up multi-factor authentication to prevent data breaches.
Another element of creating a secure connection may mean that you use a remote security layer to limit the copying or saving of files to a remote worker’s device.
When employees use a VPN, it does cut out some of the biggest fears they might have about access being breached to sensitive data.
Build a Comprehensive Employee Training Program
While there are pathways to exploit data by infiltrating systems in sophisticated attacks.
it’s more common to exploit employees as the weakness through things like phishing attacks.
If there are applications that aren’t used that often, they should be removed.
Streamlining software and apps is a good way to cut down on potential vulnerabilities.
For the applications that remain, they should be kept up-to-date.
When you’re determining how to streamline your software, you might also do an audit of account access and set new restrictions.
The more access someone has to data, the greater the threat.
Remote workers should have access only to what they need to perform their job duties.
Offer Security Updates
Employees might not have these protections.
If you offer employees company-owned devices, make sure they stay updated with firewalls and antivirus software.
If your employees use their own devices, provide them with what they need to install these tools.
Create or Update Acceptable Use Policies
If you have an acceptable device use policy already in place, update it to reflect the shift to remote work. If you don’t have one of these policies, now’s the time to implement one.
To protect devices, users should not be able to download or install software without the permission of the administrator.
Employee devices owned by the company should be encrypted as well, because then if a device is stolen, the hard disk is then unreadable without the security key.
When you’re reviewing and updating security-related policies, don’t forget about your password policy.
Passwords seem simple, and they are, but they’re also the first line of defense across the board when it comes to cybersecurity.
Passwords are also frequently and easily compromised by hackers.
You want a password policy that enforces complex passwords, and you should make sure your employees use different passwords for all of their accounts.
Finally, you need to have a well-thought-out work-from-home policy in place.
If you can afford it, as part of your policy, it’s always best to provide devices to employees. This cuts down significantly on the risk of a data breach or cybersecurity incident.