Flexible work is the new normal, with parents and kids both working and learning from home. Even before the 2020 COVID-19 pandemic, remote work was a growing trend. From 2005-2017, the remote workforce increased by 159%, representing 4.7 million people, or 3.4% of the population, according to research from Flex Jobs. Now that those numbers have increased, it’s leaving businesses, government organizations, and schools struggling to figure it out.
Unfortunately, there are people out there trying to take advantage of this uncertainty. Cybercrime has spiked since the pandemic began, and even the World Health Organization (WHO) was the target of a cyberattack. This puts security at the top of any company’s priority list.
Here are the most important measures you can take to protect your organization and its valuable data while you and your team are working from home:
1. Secure Physical Environments
Most offices have tight physical security. There are locked doors with swipe card access, CCTV, and guards who keep an eye on everything. Only authorized personnel have physical access to the company's network.
When an employee is working remotely, they don't enjoy the same kind of protection. Remote workers have to be mindful of risks such as:
- Loss. Small portable devices such as USB drives easily can go missing
- Theft. In the event of a burglary, an employee's laptop or other work devices could be stolen
- Unauthorized access. If a device is left unattended, an unauthorized third party could potentially access your data
As a manager, your job is to ensure that all remote workers understand the basics of physical security, such as:
- Always password protect your device
- Don't share passwords with anyone else
- Never leave your device unattended
- Store all devices safely overnight
You might even consider providing your team with physical and/or virtual security equipment, such as a two-factor security key or lockable cabinets for storing laptops and USB drives in their homes.
2. Connect via VPN
Remote workers will usually be working off their home broadband connection, which isn't as safe as your sprawling, geo-secured, even air-gapped campus. Home WiFi networks could potentially be accessed by someone on the street outside or people in neighboring buildings who can easily set up a man-in-the-middle attack on home WiFi.
Even worse, the rise of Internet of Things (IoT) means that household technology could be an entry point for hackers. Home networks may have dozens of devices connected at any time, such as TVs, printers and even refrigerators, all of which might be vulnerable to attacks. One of the worst hacks in history exploited a vulnerability in a popular webcam. You don't want to be the victim of something similar.
Using a virtual private network (VPN), your employees can access the intranet from home as though they were at work. Even if their home network is compromised, your business data will still be safely transferred and processed in an encrypted tunnel.
3. Avoid Social Engineering Attacks
People are the weakest part of any network. Social engineering is a hacking technique that focuses on exploiting people as a vulnerability, using a mix of technology and old-fashioned confidence tricks.
Remote workers are especially vulnerable to phishing scams. This involves sending a legitimate-looking email that asks the recipient to click on a link. When they click the link, they're taken to a fake website that looks like the real thing. The user then tries to log in by entering their username and password. But instead of logging in, they send these details directly to the attackers.
Some phishing emails can look so similar to the real thing that even experienced IT pros can be fooled. Often the only indication is the link in the email, which might say something like:
Please log into http://login.workapp.com
But the link will actually lead to something like:
The only failsafe is to double-check links before and after clicking them. Better still, don't click links at all. Instead, type the address directly into the URL bar of your browser.
Social engineering attacks can also be a lot more low-tech. Hackers could phone a remote worker, pretend to be from the IT help desk, and ask for their password. Talk to your team about these threats and make sure that they're aware of all dangers.
4. Reinforce Best Practices (More Than Once)
The conversation about security is always ongoing. Keep talking to your team and keep reviewing best practices.
Remind your employees not to be lax about following processes and procedures put in place in the company. Just because they are working from home does not mean they should stop protecting the data integrity of the customers. Regulatory compliance doesn’t take a vacation, and exposing sensitive information could result in your company’s downfall.
Working from home is a challenge, but it’s one that can easily be overcome if everyone works together. Take the opportunity during your weekly team video conference to remind everyone that they’re still part of a team and still need to take care to ensure they perform their job requirements and duties.
5. Switch to Cloud Services
If your organization has already switched to the cloud, you'll already know how the cloud can help to improve security. All of the really sensitive operations occur on well-protected servers. Users access the system through an encrypted front end. For example, Xplenty's front end boasts field-level SSL/TLS encryption, which can be safely accessed from anywhere in the world.
If you're still reliant on on-premise systems, now is a good time to think about cloud migration. Sit down with your IT team and run through the following questions:
- What applications do remote workers need?
- What files and data will employees access?
- What is the risk of granting off-site access?
- Are there cloud options that can help to mitigate risk?
- Can we automate any processes, thereby reducing the need to remotely access sensitive data?
The goal here is to support your remote workers as possible. Provide them with the right tools so that they can work safely.
If you're thinking of migrating to a cloud-based ETL solution for your data integration needs, talk to Xplenty and find out how you can use our platform to upgrade your ETL processes while helping your team to keep your data secure.