Working from home while sipping coffee in pajamas sure is quite the way to live. Indeed, more companies and employees alike are hopping on the digital nomad bandwagon than ever before.
And why shouldn’t they?
Employees can work from home, set their own schedules and save big on commuting daily, while companies can slash infrastructure costs by leveraging their workforce’s hardware and software.
Why invest in costly stuff when all your employees already have it? But, doing so is easier said than done. Since you have no way of knowing how much seriously your remote workers take security, you might open up a digital pandora’s box by letting them run company data through unsecure ware. Companies obviously have to update their security best practices if they want to safely exist in a world without borders.
Since remote working is no longer a privilege, companies large and small have no choice but to adopt it, else they risk losing talent to braver competitors. That being said, the challenges of a work from home lifestyle are all too real as well. A 2018 mobile workers security survey by iPass found that 52% CIOs across the US feared their mobile workers had been hacked in the past 12 months. 67% believed most of the hackings had occurred at unsecured Wifi connections at cafes.
But, since working from home is where the future is headed, you need to bring your security best practices up to speed. Here’s the skinny on how you can do just that…
Now, check it out what you will find on this article:
- Create a Clear Remote Working Policy
- Have a (Really) Strong Password Policy
- Separate Work and Personal Data in a User’s Computer When Working From Home
- Implement Remote Data Wiping For All Employees
- Consider Using VPNs for Business Communications
- Switch to Modern Cloud Productivity Tools
Create a Clear Remote Working Policy
Aside from a clearly laying out how remote workers/teams are expected to conduct themselves when working from home, a remote working policy should also list the tools they are allowed to use for work. Says Philippa Rust, director of the Intern Group, Australia – companies should list the selection of tools they use in their organization to ensure data is passed efficiently. The remote team members should also only use secure internet connections for accessing company data or network and avoid public Wifi.
A remote working policy should include elements such as temporary and permanent positions, reasons for allowing working from home like parenting, bad weather, emergencies, geographical distance etc, procedure for enabling remote working, compensation and what security best practices need to be followed when working from home.
Workable has an awesome remote working policy template you can use to draft your own.
>> Recommended reading: Is Remote Work Damaging Employee’s Mental Well-Being?
Have a (Really) Strong Password Policy
Now, this could fit into the last point, but it really is THAT important. A whopping 81% of all hacks occuring today happen due to weak passwords. Why do people still go with weak passwords when their dangers are all too evident? Many will cycle the same password through multiple accounts, or, simply select pieces of information that they are most likely to remember. Since these are usually a date, an event or a series of numbers/letters, they are extremely easy to guess. Case in point, “123456” is still the most common password in 2019 with 23.2 million accounts being “guarded” by it!
Creating strong passwords is quite like walking a tightrope. On the one hand, a password that looks like it was the product of a cat strolling across the keyboard will be very secure, but is unlikely to be remembered. On the other hand, passwords that follow a pattern are easy to recall, but are even easier to be hacked.
However, patterns are only discoverable if they are out in the open. You can create a method for generating passwords that follows a unique pattern which only your users are aware of. Said method can be documented in your password policy and employees can be trained in it to ensure compliance when working from home or office.
Here’s an exhaustive password policy to follow from SHRM.
Separate Work and Personal Data in a User’s Computer When Working From Home
No employee will allow a company to dictate how they can use their own devices at all times. They are also unlikely to remember security best practices when browsing Facebook or casually surfing the web.
However, you can silo work data in remote computers such that it is never touched by their personal use. A VM or Virtual Machine can be used here. VM is essentially a “software computer” complete with its own operating system which works separately from the user’s primary installation. Here’s a detailed guide on creating VMs.
A computer’s hard-disk can also be partitioned into two sections. Each partition can have specific operating systems, applications and security protocols enabled. The method to partition a hard-disk varies from OS to OS, so, it’s best to speak with your IT personnel to find the best method for helping remote workers.
Finally, remote workers can also have two different user logins, one for work and one for play. Their work login can operate under more limited administrative rights. Like in a VM installation, the work account can have specific applications and security protocols only.
>> Recommended reading: Work management systems: at your side to help you overcome your business’s day-to-day challenges
Implement Remote Data Wiping For All Employees
The problem of security best practices vis-a-vis remote working is unfortunately not limited to poor policy. A study by Shred It’s State of the Industry found that 86% CXOs believed remote workers increased the chances of a data breach. The study also noted that while said CXOs did have contingency plans in place, only 35% SBOs have a policy storing or deleting data remotely and 54% have no plans at all.
Simply put, having a policy may not suffice and stronger, disaster specific measures must be included. Most OS’s today come with a remote data wipe feature that allows administrators and users to delete their computers from any location. Data can also be selectively removed from certain Microsoft apps in case an employee is leaving.
The move isn’t without legal ramifications, however. Many employees will shudder at the idea that their employers can remotely remove data from their machines.
Since freelancers often work with multiple companies, they may not give such access to all of them, too. In such cases, educating remote workers on how remote data wipes work or letting them implement one on their own can work, too.
Consider Using VPNs for Business Communications
Virtual Private Networks encrypt all internet traffic from and to the device until the program is deactivated. They essentially create a secure tunnel between a user and a company through public internet. VPNs are invaluable for securing data over unsecured networks, stopping all prying eyes (such as an ISP) from spying on the data being sent and helping your network administrators enforce company security best practices for employees working from home.
Two basic types of VPN technologies are available depending on your risk threshold and requirements. Remote Access VPN allows a user to connect to a network from any location and is ideal for letting remote workers access company network. Site-to-Site VPN also known as router-to-router VPN on the other hand encrypts data between two different geographical locations such as two offices.
A variety of VPN protocols are available to pick from. While PPTP (Point to Point Tunneling Protocols) is the oldest and most mature technology, OpenVPN is ideal for companies looking for a more secure tool.
Unlike PPTP, IPSec (Internet Protocol Security) and SSTP (Secure Socket Tunneling Protocol), OpenVPN is system agnostic and can be tailored to any requirements. It is also constantly being updated so, is less vulnerable to emerging security threats.
Switch to Modern Cloud Productivity Tools
Now, having robust security best practices is always a good idea. However, with the number of apps out there, enforcing policy organization wide can become mind-numbingly tedious. A smarter way out is to switch over to cloud based productivity apps such as Runrun.it.
Not only do they facilitate remote operations with work tracking, scheduling and communications, but being a long distance productivity enabler, they already have some of the best, most updated security best practices in effect making it ideal for working from home.
Runrun.it, a work management software, for instance has updated IT processes, encryption and backup to ensure your information is kept safe. We can also help you setup robust security best practices throughout your Runrun.it account, with all kind of user permissions, password policy (passwords expire every 90 days), and a Activities Log page. So that all departments of your company run in a secure manner.
The problem with security is that despite all that technology can offer, it really is up to the end user. No amount of technological wizardry can stop data from being compromised if the user simply gives someone else access to it.
Spur of the moment decisions, forgetfulness, oversight and carelessness are all too common when working from home. Education and developing good habits are therefore just as important as the security tools themselves.
Runrun.it has helped thousands of companies achieve higher levels of productivity at lower costs while negating security hurdles. We have developed and refined our own security best practices over the years. Feel free to share your security concerns in the comments below or send us an email to firstname.lastname@example.org, we will be delighted to help.