Working from home is steadily becoming the standard for U.S. employees. In a recent PwC survey of U.S. executives, 83% of employers said their companies successfully shifted to remote work, and businesses are beginning to see the benefits.
However, this raises some concerns as remote work may not be as secure as working in an office.
Team members may innocently assume they’re taking the proper measures to safeguard against security threats; 55% of employees have said they are responsible for securing access to the documents they create. Although team members may be responsible for securing access to company documents, most don’t have any tools to help them. Access control issues persist: 52% of people have accidentally added their personal accounts to company documents. Remote employees leave companies open to more security holes than they realize.
But how do you mitigate access control risk along with other cybersecurity issues?
11 tips to keep company documents secure in a remote work environment
1. Set up a VPN
The ability to work in flexible locations with a reliable internet connection is essential for remote employees. However, logging in from your favorite coffee shop can come with risks. With insecure connections and questionable WiFi, your shared data and files could be exposed.
One way to stay safe no matter where you are is by setting up a Virtual Private Network (VPN). VPNs make it more difficult for scammers to know the exact location of your device, and they establish a secure connection between your remote employees and your network at the office. Data that passes through a VPN is encrypted, and it cannot be “seen” by others unless they have the correct credentials. Using a VPN is an easy way of ensuring that sensitive documents that must be accessed by remote employees are kept safe.
2. Require two-factor authentication
Many organizations now make it a requirement to use two-factor authentication for data security management. It allows users to confirm their identities and makes it more difficult for cybercriminals to easily access company data.
Two-factor authentication can use a username and password along with a PIN sent to the user’s phone or a QR code generated through an authenticator app. A password alone, even a strong one, is often not enough as hacking systems become more sophisticated, making 2FA a more secure option.
3. Create unique passwords
This may sound pretty obvious, but team members who are new to remote work may not understand how important this is. The rationale behind using unique passwords for each site is that cybercriminals can get a password from one account and easily use the same login on other sites. It’s important not to reuse your password for other sites and use strong passwords for each website and app.
The best method to keep track of all your sites is to use a password manager. Of course, you can use a physical one or even a safe, but they are nowhere near as convenient as a digital password manager which will generate strong, unbreakable passwords for you.
4. Use firewalls, antivirus software, and antimalware
It’s important that all remote workers have up-to-date firewalls, antivirus software, and antimalware. However, employees should also have proper training on how to use these protections when working remotely and how to keep them properly updated.
5. Complete software and security updates regularly
It’s crucial to stay on top of software updates so that company-issued devices are equipped with the latest updates and security measures. To ensure that updates happen on time and frequently, turn on automatic software updates on all devices for the latest operating system and best security performance.
6. Encrypt your files
Encryption software can protect your company files by blocking unauthorized access from all third-party users. Encrypting files provides another layer of security that’s easy to use for remote workers. When placing encryption on the hard drive, the encryption software scrambles the data into unreadable content that can only be descrambled with the correct password. After entering the password, the file’s contents revert to normal.
7. Separate company and personal devices
When working remotely, it’s important to set boundaries between our personal and work lives. Establishing these boundaries also makes it easier to separate the technology we use daily. Ask team members to avoid sharing their company’s devices with family members who are unaware of best security practices, particularly children. Keep personal accounts separate from company accounts to prevent sharing sensitive information through personal channels.
8. Have cybersecurity policies and training
Not all team members are aware of how scams and cyberattacks work. Companies must ensure that all staff go through basic cybersecurity training. What might be obvious to one team member may not be for another, especially for employees who are not technologically savvy.
If your team members have been working remotely for some time, they may have been focused on significant security concerns and might have overlooked the basics such as:
- How to spot phishing, scams, or email malware.
- Not downloading just any browser plug-in on company devices (Provide a standard list to help your team members work more efficiently.)
- Not using personal devices for work use and company devices for personal use.
Businesses might regularly test their team members to determine their judgment in identifying a potential cyberattack. If some employees do better than others, those who are not as knowledgeable could receive more training.
It’s also vital to establish clear cybersecurity policies and make them available to all employees.
Recommended Cybersecurity Policies
- Information management
- HR remote working guidelines
- Software updates
- Creation of unique passwords
- Virtual Protected Networks
- Using public WiFi networks
- Connecting to the company server
- Device Security
- Acceptable use of devices and information handling
- Documents copied to a personal device
- Documents sent to a personal email
- Home printer drivers
- Use of flash drives
Overall, team members should understand exactly what is expected of them regarding data protection, confidentiality, and code of conduct. Establishing cybersecurity policies is essential, not just for the immediate future but for long-term safety. After all, remote work is growing and is unlikely to end soon.
9. Use online-based tools and platforms
Companies should choose a core set of tools to allow their team members to collaborate, share, and use information through secure channels, whether remotely or from the office. Tools such as remote access file sharing, project tracking, chat functionality, and video conferencing can all help achieve business objectives.
Once selected, these online tools and platforms should become the primary way for employees to connect and carry out work tasks while keeping confidential documents safe and secure.
10. Restrict confidential documents with an access control system
Implementing limited remote access to confidential and sensitive data on a need-to-know basis can help reduce security risks and prevent a severe security breach from occurring when working remotely.
However, many companies ignore their document access problems and are unclear on who has user permissions and what permissions they have. This ignorance causes leaks, breaches, and lawsuits.
Organizations need to review and keep a record of which team members have remote access to certain documents and revoke access upon project completion, job changes, or when the data is no longer required.
This whole document audit process can be time-consuming. Using an access control system streamlines the document audit process and helps control who can view, access, or use company documents.
11. Collaboration with third-party partners and vendors
Remote-access situations require careful collaboration with third-party partners and vendors.
It’s important to select vendors and partners that are as committed to remote security as you are.
One security area that is often neglected is sharing information with external parties. Collaboration is constantly happening between companies, but how often is a vendor’s access removed once a company is no longer working with them?
Most companies have no idea which vendors had or have access and, unfortunately, are not offboarding these external companies when projects have been completed. Only 41% of employees have said they sometimes remove vendor access.
This means that vendor access continues for most businesses after projects have been completed unless IT is actively monitoring this.
With Nira, our real-time access control system provides not only complete visibility into each and every cloud document and employee but also to third parties and vendors that have access to company documents by:
- Identifying all vendors and third parties who have access, assessing their risk, and removing unnecessary access.
- Fully offboarding vendors by removing access for each of their accounts, including personal accounts, and transferring ownership of documents to new accounts.
- Identifying public links and unauthorized access to confidential documents owned by vendors.
How to secure your documents right now
As the pandemic continues, businesses are thinking through the best ways to drive productivity while keeping their team members safe in a remote work environment.
Even as people start to transition back to the office, hybrid work environments are gaining popularity and could become the norm. Forrester predicts that once people have settled into new work patterns post-pandemic, we will still see a 300% increase in employees working remotely from pre-pandemic levels.
It’s essential to provide regular refreshers on data security policies and training. With the proliferation of online collaboration tools, controlling who has access to company documents and who doesn’t is a responsibility that doesn’t just fall on IT and security teams. Each and every employee is responsible for securing the documents they create and share with coworkers and external parties.
Request a demo today to see what Nira can do to protect your company from unauthorized access.