How does remote work impact your business's online security?
Major data breaches have been in the news frequently lately, and the severity of data breaches has been increasing as well. And, with more and more businesses allowing their workers to telecommute or fully work remotely, digital security is, or at least should be, on everyone's mind.
It’s not only large corporations that need to be wary. Research shows that 72% of all cyber security breaches occurred at companies with fewer than 100 employees. Hackers see small businesses as easy targets that are less likely to have up-to-date security protocols in place. Due to limited budgets or staff shortages, small businesses may not have a dedicated IT security team to catch and report a hack until long after it has happened.
How Does It Happen?
Security professionals are playing catch-up with ever-more-sophisticated hackers, always one step behind. As soon as they patch a flaw, there’s a new threat.
Take a look at Rokenbok, a California-based education startup that got hit with a ransomware attack right before the busy holiday shopping season. Unwilling to pay the ransom, they rebuilt their entire network from scratch, costing them thousands of dollars in lost sales. Fortunately, they were able to weather the storm.
Another company wasn’t so lucky. Efficient Services Escrow Group lost $1.5 million due to fraudulent wire transfers to Russia and China. Unable to recover all the money, the state of California shut them down.
One of the most terrifyingly devious ways a company was hacked shows that nothing is really quite safe. The cybersecurity company Darktrace recently described how hackers accessed a casino’s high roller database by exploiting an internet-connected thermometer in a fish tank in the casino lobby.
It’s a difficult situation for small businesses, which are often run on tight margins. Some see IT security as a luxury that they simply can’t afford. Perhaps they employ telecommuters to reduce overhead. They prioritize revenue, even though there are affordable ways to increase their security.
What Can You Do?
- Develop a policy. Mandating a well-defined set of rules that all staff must follow is the first step toward securing data and intellectual property. Make sure EVERYONE is using strong passwords and never reusing passwords. Make it company policy to use a password manager and require everyone to update their login regularly. And, when they are done working for the day, make sure they log off and turn off network sharing, Wi-Fi, and Bluetooth connectivity.
- Choose your software carefully. Be sure that any VPN, chat, email, application software, or third-party service you employ utilizes end-to-end encryption. Adobe Acrobat and Microsoft Office can easily encrypt documents and files. If the employee has access to high-level information, consider using two-factor authentication (2FA). That way, even if password credentials are compromised, the password alone is not enough to gain access. Google eliminated phishing attacks by requiring their employees to use physical keys.
- Limit access. No remote worker should have access to data, files, networks, or applications they don’t need for their daily work. This least-privilege approach to user access compartmentalizes your system and increases security. And, be sure to revoke any unnecessary privileges when an employee completes a project, changes positions, or leaves the company. Also consider restricting any company computer from downloading unapproved software, and limit access to only verifiable app stores from Google, Apple, or Microsoft.
- Lock down those devices. The phones, tablets, and laptops used by remote workers should have up-to-date firewall, anti-malware, and antivirus software, and they should be fully encrypted in case of loss or theft. The ability to remotely wipe devices is a must-have. Disable USB ports, SD card slots, and external access as well.
- Take advantage of the cloud. Employing a reputable, encrypted cloud service is an easy, cost-effective way to give your people a protected way to do their jobs. Large cloud companies are usually better versed in cybersecurity than small businesses, so it helps to piggyback on their security protocols.
- Use a VPN. Using an unsecured Wi-Fi network is like leaving a bank vault unlocked. Can you be sure that the CITY_FREE network is safe? Whether it’s checking email quickly at the airport, or working from the local coffee shop, a VPN goes a long way toward secure communication by preventing eavesdropping or man-in-the-middle attacks.
- Monitor remote workers. Many small businesses don’t have an HR department, so how do they keep track of their people? There are a host of monitoring apps out there that can remotely monitor employees' actions, hours, and processes. These tools keep track of who's working on what projects, when, and for how long. Be sure to check local laws, as some states require employee consent to monitoring. Having such a tool in place may detect a rogue employee, identify fraud, or raise an alarm on the transmission or offline storage of sensitive material or classified intellectual property. At the very least, it can provide an audit trail to follow should such a breach happen.
Utilizing remote staff frees the company to find virtually limitless talent not bound by geography, increases employee happiness, and balances the work/life ratio for many. But, it does come with its own security challenges. However, once there is a foundation of quality defense architecture and a culture of security in place, managing remote employees is easier and more cost-effective in the long run. Most importantly, it brings peace of mind. And that is priceless.