Whether we’re new to working remotely or veterans, whether we’re addicted to our jobs or unwilling slaves to our work, most of us don’t know the risks involved with this practice when we’re traveling and connecting to work computers and accounts via unsecured networks and personal devices.
Because most companies deal with sensitive information, they limit the access to their own computer networks and platforms to minimize threats like phishing, malware (viruses, worms, spyware, ransomware, etc.), Man in the Middle and DDoS attacks, and even computer theft!
You might think your organization’s CIO or CTO is a bit paranoid for treating you and other employees like security threats, but you’d be surprised to know that this is not far-fetched. In fact, it is likely that if a data breach or cyberattack happen during the holidays, you or a low-tier coworker might be partly responsible even if you’re unaware as to how this could happen.
According to the CEO of Nerds Support, Scott Richman, all businesses should have a relationship with a professional, established IT firm. “What we’re finding is that most of them do have relationships with IT personnel but are not educating them about the risk that remote users pose”, confessed Scott.
Implementing just a few of these practices will make the IT team at your company respect you a little bit more. So, here are some tips on how to work remotely the right way, in complete compliance with cyber security preventative practices.
Secure All Your Devices
This might be a tedious and time-consuming task, but it’s something that is absolutely necessary to prevent hackers from gaining the upper-hand! Below, you’ll find advice on what you could do to limit access to personal data in your device.
- Enable 2FA: To enable two-factor authentication, we might need to access both or personal and work accounts and follow the instructions that each platform provides. You could also use an authenticator app (like Authy, Duo Mobile, or Google Authenticator).
- Enable Remote Wipe: To set up remote wipe on your Android, Apple or Windows mobile device, first you’ve got to go to Settings, turn on the Find My Phone feature, and then active the erase device command in your phone.
- Encrypt your Hard Drive: In Mac, you just need to turn on the FileVault, and in PC, turn on BitLocker.
Scott says the biggest problem the NS team finds is that there is no process in place. Sometimes, when users remote-wipe their work device, it’s already too late because too much time has passed. That’s the benefit of working with an IT team: they have emergency security protocols in case these things happen and will act fast to minimize the threat.
Connect to the Internet Safely
Avoid public Wi-Fi/hotspots and use a VPN service if you absolutely need to connect from an unsecured network and get some work done ASAP. If you have the budget, you could also purchase your own mobile router and configure the network’s settings, or you could enable your personal mobile hotspot with your cellphone wireless provider (most big telecommunications companies can enable this feature on smartphones).
One thing that will help avoid data leaks is using secure videoconferencing and messaging apps, like Signal and WhatsApp. Here’s another practical tip: if you deal with company trade secrets or sensitive data, avoid talking about work in public spaces (remember: IRL there’s no such thing as a “cone of silence”, and people WILL be listening regardless they want to or not).
According to Scott, company communication should not be discussed in a public marketplace where anyone could misappropriate the intellectual property of your business. This happens to entrepreneurs often. They let their guard down while discussing their start-up ideas with their prospective clients over delicious coffee, and just like that, their new business concept has been stolen.
Use Productivity/Team Collaboration Apps Setting Up User Permissions
Your boss might ask you to use time tracking or task management apps, or to be “online” at all times so he/she can know if you’re actually working. However, you must know something: even though these tools maximize productivity, they could be detrimental for your company’s security.
Don’t assume these platforms are completely safe, as that would be a big mistake! It’s important that you keep high-security standards when using collaboration apps. That way, you will avoid revealing sensitive company and client data to malicious hackers.
Take a look at the security settings of the apps you’re using for team collaboration and project management and take the time to make your account harder to get into. Also, Scott recommends to validate any product that you use online. Check if they’re compliant with the latest security practices, and that they maintain their software and patch the bugs regularly.
Safely Access Your Work Email
Only send emails to co-workers who have company email addresses. For example, if your company is using G-Suite, don’t send personal or work emails from that G-Suite account to people outside the company network.
One of the biggest cyber security threats right now is phishing, as the techniques and methods have gotten more and more sophisticated with the years. Malicious emails are now more realistic than ever.
Scott especially warms about the dangers of phishing and spearfishing. “You’ve got to make sure that the person who’s emailing you is who they say they are. Any invoices you receive, claims of donations, or any prompts to reset the password to your bank account are all red flags, and you could be sending your personal and banking information to a hacker who could end up being able to access your governmental and financial records.”
Promote Remote Work Best Practices, Ensure Compliance!
Remember, promoting cyber security practices and cyber threat awareness is the best strategy to prevent embarrassing situations like data leaks. Train your employees, vendors and contractors on cyber security best practices, which include using strong passwords and password managers, turning off social logins (via Facebook and Twitter), set up or strengthen the spam filter on both your personal and work email, installing anti-malware software, and setting up a secure browser like Chrome with extensions like HTTPS Everywhere, Password Alert and uBlock Origin.
Also, remind your fellow employees with access to sensitive/valuable data to enforce these security measures, so everyone in your team can be safe from cybernetic threats.
Additional Remote Working Tips for the Holidays
Santa is making a list and checking it twice, and so are hackers. Don’t forget that. Just remember these tips, and never, EVER use personal, unmonitored devices to connect to company websites or access company data!
Scott’s final recommendation, said in a joking manner, is that if you don’t feel like you have any security measures in place as a remote worker, then just quit the Internet altogether. “It’s truly the only way you’ll be 100% safe from online threats”, said Scott while laughing.
If you must or need to work remotely and want to do it the right way, talk to us. We’ll help you set up a secure remote work environment (a “Workplace”, if you will) so you can safely access your work apps, files and website accounts, no matter where you are!