WHAT IS NIST? THE COMPLETE GUIDE TO THE NIST CYBERSECURITY FRAMEWORK
Explore this comprehensive guide on how the NIST Cybersecurity Framework can be applied to your organization.
Data Security Tips for Remote Workers
50% of U.S. workers have a job that’s compatible with at least partial telework, and approximately 20-25% say they work remotely at some frequency, according to the latest statistics from Global Workplace Analytics. To say that the telecommuting movement is poised to be a short-lived one would be an incredibly misinformed statement. In fact, 80-90% of the U.S. workforce say they would like to telework at least part time, and studies show that employees are away from their desk 50-60% of the time. The business world has become a mobile environment, and with this reality comes the inherent risk of data security challenges.
As remote working options increase in popularity -- and are often required by today’s top talent and job seekers -- companies need to get ahead of the game in terms of strengthening data security. Is your business taking the necessary precautions to regulate the way remote employees work or share information? What are you doing to ensure top-notch data security? The telecommuting opportunities you offer don’t have to be at the price of your organization’s information security. Use the following data security tips to enable a productive yet safe infrastructure for remote workers.
Conduct Formal Security Training for Remote Employees
You can have all the best security technology on the market, develop the most detailed policies to protect your data and even employ the most competent professionals. But all of this does nothing to keep your data (and therefore your enterprise) safe if you’re not consistently helping employees understand and evade the dangers threatening your data security. This is especially true when dealing with remote workers.
If your people don’t receive exhaustive and consistent data security training, your organization will never be able to mitigate the risk of harmful intrusion that could devastate your business. When remote workers don’t fully understand the threats they pose from practicing insecure file and data management, their potential for opening the company up to a costly breach skyrockets. Even though these employees may not be in the office very often, it is necessary to ensure that they undergo comprehensive training on the critical aspects of data security, including but not limited to:
- How to avoid phishing scams
- The best ways to prevent a ransomware attack
- The requirements for utilizing strong passwords
- What highly insecure methods should not be used to transfer files
- Precautions to take before downloading or using an unsanctioned application
- Your business’s formal policy on data sharing, storage and usage
Mandate Strong Passwords for Work and Personal Accounts
Do not underestimate the importance of having safe and strict password practices. For remote employees, this is particularly crucial because they are often working from mobile and personal devices, which are at greater risk of being lost or stolen. Proper password protection may seem like an obvious aspect of data security, but many businesses fail to understand exactly what this entails.
Every employee or user with access to your data -- including those logging in remotely -- poses a risk to the security of that information, and weak or ineffective passwords are golden opportunities for hackers. Even if you have exceptional encryption capabilities, those will prove useless if an intruder unlocks someone’s password. That’s why it is necessary to ensure that your employees passwords always include a combination of numbers, upper and lowercase letters and special characters. They should be impossible to guess, changed on a regular basis and encrypted whenever they need to be transmitted.
The best way to ensure that effective password strategies are always followed is to implement a data management solution that promotes effective protection. For instance, all log-ins should require password or key authentication by default in order to ensure maximum security.
Enable Two-Factor Authentication
Two-factor authentication requires both a password and an additional form of authentication, like a numerical code or an IP address, before access can be granted. SSH-key authentication, in lieu of password, makes user access to critical business data both more secure and easier to manage, regardless of how people are connecting to the server. Because remote workers are logging in via various connections, two-factor authentication is a significant way to help safeguard your company’s data.
As your organization thinks about ways to strengthen the security of its critical files, be sure to consider the advantages of implementing a file transfer solution that has a robust management interface for configuring user authentication via passwords and/or SSH keys as well as a second authentication factor. It’s also best for administrators to have the capability to disable file sharing through public links and require user authentication for all file access.
Establish Strict Guidelines for Information Sharing and Saving
At many companies, highly insecure methods are still being used to transfer confidential files. Employees are circumventing IT protocols and turning to unsanctioned methods, like instant messaging, collaboration and social media tools. With so much critical data on the move, businesses must be able to quickly identify file transfer activity, or they set themselves up for major data breaches. Since remote workers also have access to your company data, they have the ability to save those files to their personal devices and share them however they choose. This is bound to cause serious security threats if you don’t enforce strict guidelines for information sharing and saving.
One of the most prevalent dangers surrounding file transfer practices is when employees attach private company documents and data to personal email. Surveys have shown that a vast majority of business users send classified or confidential information via corporate email attachments for the sake of convenience and efficiency. Unfortunately, these actions translate to greater risks in terms of data loss and theft.
Your remote employees may also be utilizing USB thumb drives or other external means for file transfer purposes. Unfortunately, if a worker loses the USB device, smartphone or other external device containing business or personal information, they open your company up to tremendous danger. It is essential to put a firm policy in place regarding how, where and why file sharing takes place. In addition, solutions like FTP are a great way to lock down permissions and secure your data.
Keep Work Computers and Applications Up to Date
PCs, laptops, smartphones, tablets -- these devices are all used by remote workers, and they all come with their fair share of dangers. As hackers and virus technology become more advanced, your employee’s devices and your company’s data become more difficult to protect. Defending against these threats demands a proactive approach, including keeping all hardware and software updated. This is the only way to ensure that your data security defenses don’t become outdated and useless.
If you’re not already executing a multi-level approach to data security for remote workers, it’s time to make this a priority. You don’t have to sacrifice your critical data assets just because your business accommodates remote workers. Take advantage of these data security tips, and learn more about how to train your workforce by downloading this free resource: Data Security Training Guide (Your Employees Can Be Your Biggest Risk).
About Martin Horan
Founder of FTP Today and an expert in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.