Distributed Workforce Security Tips
The adoption of cloud computing and SaaS apps has skyrocketed in recent years and enabled enterprise companies to effectively operate with a distributed workforce. In fact, almost three-quarters of companies run nearly their entire operations in the cloud. These organizations are eager to capitalize on the speed, scale and flexibility cloud-based infrastructure can provide their global teams. But as cloud computing grows in popularity and transforms how businesses collect, use, and share data, it also becomes an attractive target for cybercriminals. Because data now moves outside the premises of a single physical office and across a global network of devices and access points, asset management and security have become a major challenge for enterprise companies. In a survey by Wi-Fi security company iPass, 57% of CIOs reported they suspected their mobile workers had been hacked or were the cause of security problems. Global companies with a geographically distributed workforce have to take data security seriously and implement a comprehensive security plan to protect their employees and sensitive company data.
Top 5 Security Challenges and Solutions For Distributed Teams
1. GDPR and other data protection law compliance
The General Data Protection Regulation (GDPR) is Europe’s data privacy and security law that went into effect on May 25, 2018. This law has quickly become a major priority for any company that does business in Europe, has European customers or employs European staff or freelancers. A study by Apricorn found that 30 percent of companies that are required to be GDPR-compliant feel that their European remote workers cause them to be non-compliant. In addition, companies with operations in North America must comply with the United States’ CAN-SPAM law and Canada’s Anti-Spam Legislation. Compliance with these regulations remains a big challenge for companies with a distributed workforce. Many remote employees use their personal email or public Wi-Fi to send work-related documents. This poses a huge data security risk for companies. Hackers are leveraging GDPR and other data protection laws to extort non-compliant businesses into paying a considerable ransom fee instead of dealing with government fines. A study by Sophos, a security software and hardware company, revealed almost half of UK IT directors would “definitely” be willing to pay a ransom fee to hackers to avoid reporting a data breach and risking a fine under the EU data protection laws.
Solution: Implement company-wide security policies and procedures
To remain compliant with data protection laws, clearly define and document security policies on how to handle business data at all times, and educate employees on them. This includes specifying in writing what employees can and cannot do with work-related devices, information and documents. Ensure all data is encrypted and set permissions on who can access sensitive company data. Finally, have clear remote work policies on how employees should connect to the company’s network as well as home and public Wi-Fi policies.
2. Tracking and managing assets in the cloud
Enterprise companies with distributed teams are often tech-based businesses with IT assets like software, data and other pertinent business information. Most of this invaluable data is stored and accessed through the cloud. "The cloud" refers to servers that are accessed over the internet, and the software and databases that run on those servers. Trade secrets, confidential reports, employee and customer information and even visual collateral such as logos and campaign artwork are all sensitive proprietary information that’s stored in the cloud and needs to be protected from all kinds of external threats. One small leak can disrupt or halt a business’s operations. Even worse, a major breach of security or data loss can completely shut down a company. One study found that 93% of companies that lost their data for 10 days or more filed for bankruptcy within one year and 50% filed for bankruptcy immediately.
Solution: Use cloud management and security tools
In order to keep your company’s data secure without interfering with employees’ workflow and productivity, use an IT management solution like Syxsense Cloud Management Suite. This gives employees the flexibility to securely use their work devices remotely. For IT, Syxsense combines endpoint management with real-time, predictive and proactive endpoint security and monitoring services. For added protection, use additional security monitoring tools like geofencing, predictive asset monitoring, and ticketing systems to help fend off cyber-attacks. These solutions give the IT team the ability to monitor and track cloud traffic to ensure all employees are compliant with the company’s security regulations.
3. Reduced security on employees’ personal devices
Traditionally, employees used designated office devices for work that were secured with physical and electronic layers of security. Today, with the popularity of distributed work, many organizations are embracing a BYOD (bring your own device) policy that allows employees to use their own laptops, tablets or smartphones for work. This saves companies money since they do not have to purchase new technology and employees have no learning curve since they are already familiar with the device. But with this increase in work flexibility comes an increase in security risks. An employee’s personal device may be unsecure and pose a major threat to data security. Additionally, many remote employees connect to public Wi-Fi networks with their personal smart devices, which can expose their important data to a cyber-attacker. In a study by iPass, 95 percent of businesses admit that their mobile workers are a security challenge.
Solution: Encrypt and secure all devices
First, employees should specify which devices they use for work, including any personal phone, tablet or computer, so those devices can be properly encrypted and secured using company-certified security and antivirus software. Security tools like AirWatch not only let you secure employees’ devices but also track, locate or erase devices remotely in case a device is stolen. Next, increase employees’ awareness about possible data security breaches and educate each employee on data loss prevention best practices. This should include clear and precise remote work security protocols and policies.
4. Inadequate Backup and Recovery Systems
70% of employees have experienced data loss due to viruses, system failure or some other disaster. Many organizations do not have an adequate backup and recovery system in place for this type of data loss. For companies that have a BYOD policy this problem becomes even more pronounced. Employees may use the same smart device or laptop for both work and personal use, often mixing up business and personal data, exposing each to the vulnerabilities of the other. For example, an employee may download a movie for personal use on their laptop without realizing the file contains malware. The laptop crashes and both the employee’s personal and work data are lost. Recovering this data may be impossible without a backup and recovery system in place.
Solution: Use a cloud backup solution
Fortunately, there are a number of ways to resolve this issue and ensure complete backup and recovery of data. A simple solution is to have employees back up their computers to a local or external hard drive. Companies can also provide a centralized data backup and recovery program for all the devices on their network. Both of these options, however, have limitations since the data backup devices and servers are prone to failure and hacking. The best option is to choose an enterprise-grade cloud backup solution. Plenty of SaaS providers such as CrashPlan and Veeam provide an all-in-one cloud backup and recovery solution for all your data.
5. Communication leaks and hacks
Some of the biggest brand names in the world have experienced communication leaks and hacks. Companies like Apple, Microsoft, Facebook and Sony’s film studio have all had costly communication breaches, allowing outsiders to get their hands on valuable information. Many of these exposures are due to employees sending business-critical files and confidential messages through communication channels that were not secured. Using unencrypted communication platforms for email, instant messaging, audio calls and video conferencing can expose your private information and make you vulnerable to hacks. These security breaches are costly to companies. Globally, cybercrime damages cost companies 6 trillion dollars per year.
Solution: Use end-to-end encrypted communication solutions
When looking for a new communication provider or reevaluating current vendors, security should always be a high-priority component of your search. Look for a solution that has a track record of keeping its clients’ data safe and one that offers the latest security technology like end-to-end encryption. End-to-end encryption (E2EE) is a system of secure communication between users that blocks third parties from reading the messages. End-to-end encrypting data ensures privacy between sender and recipient, mitigating risk and protecting sensitive data. Not all communication services enforce security and encryption, but Lifesize offers the highest level of security and end-to-end encryption enabled by default.
“It’s concerning that all of the hype around cybercrime – the headlines, the breach notices etc. – makes us complacent. The risk is very real and we can’t allow ourselves to be lulled into a sense of inevitability. We all have a role to play in how we protect our businesses from the accelerating threat of cybercrime.”
Best Practices to Ensure Security
The human element can undermine the strongest security systems in the world. That’s why it’s important for every employee to understand the risk of a data breach and strictly follow company-wide security protocols. Data security training should start during a new hire’s onboarding process. Emphasizing the importance of cyber security early on helps foster good security practices and makes employees aware of their actions. In addition, companies should educate all employees on new protocols, security risks and best practices on a regular basis by holding trainings, sending out informative memos and using online training modules. Below we’ve outlined some security best practices to help keep your employees’ information and sensitive company data safe.
Create and enforce a remote work security policy
Your organization should have a comprehensive remote work security policy in place that helps safeguard against employee negligence, breaches, hacks and other external threats. This policy should clearly outline what is and isn’t acceptable when sending and receiving files, communicating with people inside and outside your organization and handling sensitive company data.
Avoid using unsecured Wi-Fi hotspots
Unsecured WiFi networks that you often find in public spaces are a virtual gold mine for hackers looking to steal private information. An unsecured WiFi network can usually be accessed without any type of security feature like a password or login. Conversely, a secured WiFi network requires a user to agree to legal terms, register an account or type in a password before connecting. However, even secured public networks can be risky, so employees should use them with caution.
Avoid clicking on links from pop-ups and unknown emails
Beware of phishing. Phishers try to trick employees into clicking on a link that may result in a security breach. Malicious links may contain viruses or malware embedded in them. Often these links appear in a pop-up window, an email from an untrusted source or any other form of communication you didn’t initiate. Advise employees to never click on suspicious links or open attachments from an email address they don’t recognize.
Create strong passwords
One employee’s weak password has the potential to compromise not only the employee’s personal data but also the sensitive data of the entire company. Every year, SplashData publishes a list of the top 50 worst passwords, and every year, passwords like “123456” and “password” top the list. Passwords should be at least eight characters long and include letters, numbers and at least one special character. Avoid using your name, pet names, children’s names, children’s birthdays and anything that people can easily find on your social media profile. Lastly, passwords should be updated every one to three months to reduce the risk of your account being hacked.
Use multifactor authentication
Multifactor Authentication (MFA) combines two or more independent credentials in order to log into an account or access data. This may include a user’s name and password with an additional verification like a fingerprint, security question or a verification code that is sent in a text message to an employee’s cell phone. MFA creates a layered defense that makes it more difficult for hackers to break into computing devices, databases or the company-wide network. If one factor is compromised, the cybercriminal still has at least one more barrier to breach before successfully accessing the private data.
Be cautious of software downloads
Many employees naively believe that a software download from a trusted brand is safe, but the internet is full of sites offering software downloads masquerading as well-known brands. These malicious downloads may contain malware, trojans, spyware, worms or other types of viruses. Have a download policy in place and make sure every employee understands the protocol for downloading software on their laptop and smart devices. To help reduce the risk, IT can also limit downloads to company devices.
Virtually and physically lock devices, servers and data storage
Employees should lock their devices any time they leave them unattended, especially when working in public spaces. This means locking the screen when you step away and making sure the physical device can’t be stolen. Ensure the device’s “auto-lock when idle” setting is enabled, and programs are set to aggressively time out when not in use. In addition to employees’ work-related devices, server rooms and data storage locations that contain sensitive information should also be securely locked.