8 work from home security tips to safeguard company data
Thanks to the ongoing pandemic, there has been (and continues to be) a sharp rise of work from home setups.
This changing work landscape hasn’t changed the unavoidable need for robust cyber protection. It doesn’t matter where your team are — you still need to safeguard your company data and be ready to defend yourself from cyberattacks.
But security challenges arise when employees are remote. They’re using their own Wi-Fi, downloading apps on the fly, opening private documents beyond the privacy of the office. The rise of home working, in short, represents a major new challenge for IT teams charged with managing company cybersecurity.
So, here are eight top tips to help you ensure work from home security.
What employers need to do
1. Use a VPN
A VPN, or virtual private network, is a service that creates an encrypted connection between user devices and servers. Used by businesses, this means that those working from home can connect to the office servers securely in order to access the resources they need.
2. Review access rights
Privilege creep (i.e., allowing employees access to services they don’t need) is a major cybersecurity risk for businesses. It’s even more pressing when considering your work from home security.
With workers going remote, the devices used by your team — and their accounts — aren’t confined to the office. So, it’s the perfect time to make sure employees only have the access rights to the information, tools, and resources they need to do their current jobs.
By making sure you have no unnecessary access rights, you cut down on the amount of damage a breach could potentially do.
3. Enable 2-factor or multi-factor authentication
With access rights reviewed and streamlined, you can also sure up the security around logins. Namely, with either multi-factor authentication (MFA) or two-factor authentication (2FA).
💡 2FA and MFA are methods of authentication that require the completion of two or more different factors before access is permitted.
See also: MFA vs 2FA: what’s the difference?
By using extra authentication factors, you make extra sure that the person logging in is who they say they are. So, if a password gets into the wrong hands, then a bad actor, a family member, or anyone unauthorised still won’t be able to access your teams’ systems.
4. Monitor your third-party vendors and service providers
Keeping track of your cybersecurity doesn’t just extend to your in-business security practices. You also need to make sure you’re aware of which third party services you’re using.
Shadow IT – i.e., unauthorised use of apps and services – could quickly become a problem in a work from home setting. This is particularly true if it is difficult for teams to access the tools they need, or get desired tools approved by the IT team remotely.
What remote team members need to do
5. Separate work and personal devices
One of the simplest ways to bolster your work from home security is to make sure that work devices are not used for personal computing, and vice versa.
Say, for example, a team member uses their personal computer to log into their work accounts. In doing so, they’re using a machine that doesn’t have the security software approved by your IT team. Worse, it may get used and accessed by other people. Or taken out of the house and lost. This all represents vulnerability for your sensitive company information.
Conversely, if a team member uses their work device for personal browsing, they risk their personal activities infecting the device holding business data.
6. Cybersecurity awareness training
Another great way to boost your work from home security is to make sure teams are aware of potential risks and how to keep systems secure.
Such training may involve:
- How to spot and avoid the various types of email scams
- Tips on how to be careful about social media sharing
- Good password practices
- Why updates must be done
- How to get software approved for use by your cybersecurity/IT team (and why it’s important they do)
- How to report any potential issues or breaches
7. Strong passwords and password manager
One of the most overlooked yet simple methods of protecting company data is to have good, strong passwords.
Passwords should not be sequences (i.e., 123456, ABCDEF, QWERTY etc.) They should also not contain personal information — for example, your name, birthday, pet name, etcetera.
Instead, a good password is one that is long, unique, and difficult to guess. Every account should have a different password, and you should change them semi-regularly, too. (To help, you can use a password manager tool.)
8. Don’t ignore updates
Outdated software is a major vulnerability when it comes to cyber security. It’s imperative, then, that home workers don’t ignore the updates to their computers, software, and other systems as they come.
Updates work to remove weaknesses from software. They sure up programs against ever more sophisticated cyber-attacks.
A good work from home security practice, then, is to make sure remote workers are regularly checking for — and installing — updates and upgrades.
Work from home security
Strong cybersecurity practices largely remain the same regardless of whether a worker is at home or in the office. The challenge comes in making sure such practices are followed — and supporting team members to be as security-aware as possible.
Privilege creep: do you really need access? A message from your IT team
What is a bad actor in cybersecurity?