A dramatic rise in the number of people working from home has increased the risk of a data breach for many organizations. If your company works with sensitive data, it’s more important than ever that you and your employees take precautions to safeguard your company data and its privacy.
Start the new year right by ensuring everyone on your team is educated and up to date on these 7 best practices in data protection for working from home.
1. Make sure your devices are patched and up to date
To prevent your devices from becoming a vulnerability point, you should set aside time each week to run security updates on:
- Your computer
- Your router
- Any other devices connected to your network
Alternatively, you can enable auto-updates on all your devices to ensure they update automatically whenever a new security patch becomes available.
2. Run anti-virus or anti-malware software on your home computer
While your company computers probably have anti-virus or anti-malware software installed, we don’t always think about running protection software on our personal computers.
If your work computer and personal computer are connected to the same network, each can pose a security threat to the other. Make sure your policies around data protection for working from home include using cybersecurity software across all devices.
3. Create separate wireless networks for different devices
Most of us use a wireless network (wi-fi) when working from home. Some of the smart devices we connect to our home network, however, can serve as gateways for cyber thieves looking to gain access to our router – and to our connected work devices.
You can side-step this threat by creating two separate wireless networks:
- One for less secure IoT (internet of things) and smart devices, and
- One for critical tools like your work computer
By separating out connectivity, risks in one area won’t leak into the other. It’s also worth advising that employees avoid using public wi-fi when they work remotely.
4. Secure all your passwords
Have your team follow these professional and personal data security tips to keep all their passwords protected.
Tip #1: Take advantage of multi-factor authentication (MFA) or an authenticator app like Google Authenticator.
Many websites accommodate 2-factor authentication to enhance cybersecurity. In addition to requiring your password and username, for example, a website might send a text message to your phone with a verification code you must enter online.
Since this form of MFA can potentially be compromised if your phone number gets taken over, you also have the option of using an authenticator app.
An authenticator app runs on your phone and generates codes on a regular basis. Because you need both the device and your password and username, verification codes can’t be compromised from a text message.
Tip #2: Be smart with passwords.
Always use a strong password, never use default passwords for multiple accounts, and be sure to regularly change all your passwords.
Tip #3: Store passwords properly.
Avoid storing passwords on a piece of paper, a computer document, or inside an insecure program. If your employees have access to client bank accounts and other confidential platforms, make sure those passwords are also stored safely.
We recommend password management tools like LastPass or Okta for storing passwords and credit card or bank account information.
You can use a password manager to:
- Generate unique alphanumeric passwords
- Store passwords in the cloud
- Safely share passwords with other team members
Not only can you restrict viewing access for shared passwords by having usernames and passwords autofill on login platforms, you can quickly revoke access authorization in the event of employee termination or security issue.
5. Secure your email account
In many ways, email accounts are even more vulnerable than bank accounts from a security perspective because so much confidential information passes through them.
Your work email, for example, might contain HR records or other personal information belonging to employees or clients. And because your email is often the recovery instrument for other accounts, once a hacker has access to it, they may gain entry to other online platforms.
Make sure your team’s email accounts leverage multi-factor authentication, and their passwords get changed out regularly.
6. Encrypt everything that stores valuable business data
To keep your business as safe as possible, consider encrypting your emails and files. When you encrypt your data, it gets changed into a code that can only be translated and read by someone with the password or decryption key.
If your organization has a BYOD (Bring Your Own Device) policy, meanwhile, make sure your employees encrypt their personal devices (including laptops, tablets, and phones) and back up important data to the cloud. That way, if someone’s device is lost or stolen, the data will still be stored safely.
7. Run data security training sessions
Employee negligence in the handling of sensitive company or customer data poses a major risk to your business.
The best way to mitigate this risk is by providing regular security training sessions that ensure:
- New remote employees are educated on your data protection and security practices (especially when working from home offices)
- Existing employees that are working remotely are kept up to date on new phishing attacks or cyber threats making the rounds
Ideally, your business will have an IT person or team that employees can contact in the event of a cybersecurity issue. Security personnel should have the capacity to quickly investigate and determine the extent of a threat, while keeping employees informed about issues that might affect them.
If your organization lacks the resources to hire a full time IT security professional, companies like Kobalt Security can access gaps in your security measures and provide cybersecurity monitoring to help keep you protected. You can learn more about their services here.
As a business owner, it’s your responsibility to protect both your organization’s data (think payroll information, for example) and that of your clients. Data breaches can lead to financial hardship, reputational damage, and loss of customer trust.
Providing your employees with proper training in data protection for working from home will help keep their accounts, mobile devices, and networks secure, making your business less likely to fall victim to a cyber attack.