With the coronavirus raised to pandemic status, US businesses are being forced to introduce remote working in an attempt to protect staff, while minimizing interruption to operations. This short-notice surge in remote working will require urgent thinking about business data security.
According to Flexjobs, some 3.4% of the US population worked remotely as of 2017. Though this was a rise of some 159% compared to 2005, it will pale in comparison to the uptick that’s about to come.
Given the urgency of business contingency plans now being enacted, the vast majority of US businesses – and their workforces – may feel unprepared for remote work. We explain the major security risks to consider, and what actions businesses should prioritize.
Security Risks When Working From Home
Aside from raising questions about how employees can operate efficiently from home, the sudden need for mass remote working also highlights the importance of business security best practices. As an employer or employee considering a shift to working from home, the following questions should be front of mind:
Will you be using your personal laptop or work laptop?
Your work laptop should be fitted with security software that protects your business. If you are working from home, or are likely to be, you should use your business provided equipment where possible to minimise risk.
If you are forced to use your personal laptop, speak to your business about installing antivirus software, or receiving a license to do so. It’s in a company's interest to make sure that its employees devices are safe.
How are you transferring business data?
Shared drives? Transferring files by USB? Emailing files to yourself? Data sharing is a delicate operation.
In many businesses, data is transferred entirely through cloud technology such as Google Drive, but some still rely on USB drives, and other physical storage devices. If this is the case for you, then bear in mind that a USB drive is easily misplaced, and also easy to get into. The last thing a business needs is a bunch of sensitive documents left on a thumb drive on a commute home.
Password protection on documents is a great way to add a layer of security in the event of losing or misplacing a device. Overall, we'd recommend using shared cloud storage as the most secure way of accessing and sharing company data. Corporate cloud drives should only be accessed by approved business accounts
Are you installing system and security updates?
Whether you are working on a personal or work laptop, bear in mind the system and security updates for the various programs you use. Communication software is one example that may require regular updates to maintain security.
Follow your employer’s advice where they provide it, but also make sure that you don’t fall behind. It can be tempting to postpone an update for another time, but that can quickly snowball into weeks if you keep snoozing those reminder messages.
Can you enable remote access to your servers?
If employees need to access sensitive business information that's held on the company servers, then the smartest way to go about this is using a business VPN.
Put bluntly, you're not going to want dozens of staff members, spread across multiple locations and using WiFi networks with indeterminate security settings, all accessing your company servers. For true business security, the smartest thing to do is invest in a corporate VPN system. Your next step should be to insist employees connect over it.
Recommended Best Practice for Business Security
As a business, there are steps that you can take to aid your employees and to make sure they stay safe.
Prioritize education with clear messaging of best practices
If your workforce isn’t used to remote working, then education is key.
Simple guidelines on how to work best are easy to share, and widely available online if you're finding yourself creating a policy from scratch. It’s also important though to set clear expectations. And that includes expectations around data security and best practice for keeping your corporate information safe.
If you want to make sure your staff to continue to operate effectively out of office, make it clear what you want them to do and where your red lines may be. Remote working shouldn’t mean that deadlines shift or that goals are lowered. Be clear and keep your messaging consistent to make sure you get the most out of your teams.
Get the right software – antivirus for businesses
According to Cybint Solutions, 62% of businesses experienced phishing and social engineering attacks in 2018. Meanwhile, only 5% of companies have sufficient protection, according to Varonis.
Antivirus software for business is essential for keeping your data secure and your technology working effectively. Don't presume that your employees are all running security software on their home computers – much less, that they're updating it automatically to guard against the latest threats.
To stay extra safe, consider the following steps:
- Extend software licenses to all computers, including personal ones if required
- Don’t expect staff to monitor their own systems, your IT team need responsibility
- Check in with staff regularly, and ensure they are clear on the essential practices