What to know about keeping your business secure when hiring remote workers
Major data breaches have been in the news a lot over the past few years. According to recent evaluations, 2017 had more than 6.5 times as many significant breaches as 2005. And as tech becomes a bigger part of the corporate sphere, that risk is only going to increase.
Mirroring the rise in data breaches is another trend: remote work. A majority of companies leverage remote workforces, but just a fraction of those have reliable policies in place to support or oversee those out-of-office connections. Using remote workers — who will very likely send, receive, and access company data and resources online — without a cybersecurity plan in place is risky, especially given the potential consequences of a breach.
High Costs of Data Breaches
Online security threats hit fast and hard, and it’s not just big businesses that are at risk. Research shows that 72 percent of all cybersecurity breaches occur at companies with fewer than 100 employees. While enterprise-level businesses might offer bigger payoffs, hackers see small businesses as easy targets that are less likely to have up-to-date security protocols in place. And, due to limited budgets or staff shortages, small businesses may not have a dedicated IT security team to catch and report a hack until long after it has happened.
One small business that became a breach target was Rokenbok, a California-based education startup that got hit with a ransomware attack right before the busy holiday shopping season. Unwilling to pay the ransom, the company rebuilt its entire network from scratch, taking a devastating loss in sales in the meantime. Fortunately, they were able to weather the storm.
Other companies haven’t been so lucky. Efficient Services Escrow Group lost $1.5 million due to fraudulent wire transfers to Russia and China. When Efficient was unable to recover all the money, the state of California shut it down.
The stakes are clearly high for any company that exists even partially in the digital sphere. While a lot of companies do know how to bolster their cybersecurity, not as many understand how the risks — and thus required defenses — change with the addition of remote employees.
Best Practices for Risk Management around Remote Work
If you’ve opened up the option for remote work, it’s imperative to evaluate your cybersecurity measures frequently. Whereas a traditional office can keep all data and information more or less contained within an internal network, remote work generally requires employees to send and access data and materials outside the company’s physical borders, and that widening of the network creates more potential weak spots.
Luckily, you can lock down a lot of that risk with proper preparation.
- Develop a policy. Mandating a well-defined set of rules that all staff must follow is the first step toward securing your data and intellectual property. Make sure everyone uses strong passwords and never reuses them. Make it company policy to use a password manager and require everyone to update their login regularly. Enforce use of two-factor authentication (2FA) too, so that even if password credentials are compromised, there’s a secondary stopgap in place to limit unauthorized access. Finally, when employees are done working for the day, require them to log off and turn off network sharing, Wi-Fi, and Bluetooth connectivity.
- Choose your software carefully. Be sure that any chat, email, application software, or third-party services you employ utilize end-to-end encryption. Adobe Acrobat and Microsoft Office can easily encrypt documents and files, for instance.
- Limit access. No worker — remote or otherwise — needs access to data, files, networks, or applications they don’t use for their daily work. This least-privilege approach to user access compartmentalizes your system and increases security. Be sure to revoke any unnecessary privileges when an employee completes a project, changes positions, or leaves the company. Also consider restricting company computers from downloading unapproved software, and limit app installation to verifiable app stores from Google, Apple, or Microsoft.
- Lock down those devices. The phones, tablets, and laptops used by remote workers should have up-to-date firewall, antimalware, and antivirus software, and they should be fully encrypted in case of loss or theft. The ability to remotely wipe devices is also a must-have. Depending on the data a remote employee is handling, you may need to disable USB ports, SD card slots, and external access as well.
- Take advantage of the cloud. Employing a reputable, encrypted cloud service is an easy, cost-effective way to give your people a protected way to do their jobs. Large cloud companies are usually well versed in cybersecurity, so it can be especially helpful for small businesses to piggyback on their security protocols.
- Require remote workers to use a VPN. Using an unsecured Wi-Fi network is like leaving a bank vault unlocked. Can you be sure that the CITY_FREE network is safe? Whether your remote staff is checking email quickly at the airport or working from the local coffee shop, a VPN goes a long way toward secure communication by preventing eavesdropping or man-in-the-middle attacks.
- Monitor remote workers. There are a host of monitoring apps that can remotely monitor employees’ actions, hours, and processes. These tools keep track of who’s working on what projects, when, and for how long. Be sure to check local laws, as some states require employee consent to monitor. Having such a tool in place may help detect identity fraud or the unauthorized transmission or offline storage of sensitive material or classified intellectual property. At the very least, it can provide an audit trail to follow should such a breach happen.
Utilizing remote staff frees the company to find virtually limitless talent not bound by geography, increases employee happiness, and improves work/life balance for many. It does come with its own security challenges, but if you’ve established a foundation of quality defense architecture and a culture of security, managing remote employees can be an easy and cost-effective solution that pays dividends to both the worker and employer.