Companies across the country are migrating operations virtually to prevent the spread of coronavirus. As the pandemic grows, so too does the need for businesses to find ways to work efficiently from home.
This adaptation to remote offices could mean providing employees with company laptops or allowing staff to work via their own machines. In both instances, the topics of cybersecurity and customer data come into question. After all, data breaches and identity theft were all-too-frequent occurrences before the pandemic—what’s to prevent it from becoming more widespread now?
The concept of working from home isn’t new. A 2019 study by Condeco found that 45% of US businesses offer remote work. While these businesses probably have policies in place to mitigate the vulnerabilities of working remotely, the majority of companies do not.
As a result, managers and staff within these organizations are learning new software and systems on the fly—unaware of the potential security risks to their customers’ data.
Here are a few tips to help those businesses keep customers’ data secure while working from home.
It’s common for businesses to share information and access to various software from time-to-time. Cloud access might be openly shared between departments for projects or cross-training. Several employees might have logins to CRMs or other programs they may or may not need.
While this might not seem like an issue on secure servers in your office, it can become one if employees use personal devices or unsecured networks. If their login credentials are still saved or they have access to an important folder, document, etc., so too would a hacker.
One of the first things you should do to protect your customers’ data while operating remotely is to audit and limit access to these important areas. If you haven’t done this recently, you might discover fired or reassigned employees with access to information they no longer need.
Review each of your programs and limit access to the necessary personnel only. If you have sensitive data sets, consider implementing a data-sharing policy that limits access to a select few to operate as gatekeepers, providing desired information to team members as needed rather than granting everyone access.
Limiting the number of people who have access to data can curb the opportunities for breaches.
A VPN sets up a connection between a personal device and a private server. This connection is encrypted, secure, and private. The goal of a VPN is to prevent hackers from using weak or unprotected Wi-Fi connections to access your data.
While the VPN protects your data from spying eyes, it may have access to your information. This vulnerability is why you want to thoroughly vet your VPN provider and consider paying for a reputable service instead of using a free option. After all, if you choose a free VPN, the company could be accessing your data and using it to monetize its brand in some way.
Setting up a VPN can also protect your company after the COVID-19 pandemic passes, allowing flexibility without the cybersecurity risks.
Like washing your hands, maintaining strong, varied passwords is an easy way to keep data secure and out of the hands of hackers. Most people openly admit to only using a few passwords.
In a survey of 1,000 internet users, the average email address was associated with 130 accounts, and 49% of people admit to reusing passwords. In fact, 61% of people change their passwords once or less per year.
Now is the perfect time to implement a company-wide policy to update passwords and their strength—especially on the accounts with access to sensitive data. You may want to invest in a company password manager or recommend password manager tools so team members can create dozens of different, complex passwords and store them in a secure environment.
Now is also a great time to implement multi-factor authentication—2-step verification—that requires users to verify their identities across multiple devices. For example, if you sign in to your desktop account, it might send your mobile device a text code to enter. This additional step helps verify the user’s identity.
While updating passwords and requiring 2-step verification won’t guarantee your accounts won’t be compromised, it’s an advisable start.
Another simple way to prevent consumer data breaches while working remotely during COVID-19 is to make your staff aware of cybersecurity risks and train them on internal policies.
Set time aside to meet with your employees and review your company’s data security protocols and expectations. Consistent with the virtual office, these meetings can be executed through a video conference or webinar.
If your business doesn’t have a cybersecurity initiative or guidelines, it’s a good time to create them. Start with a basic outline that addresses general best practices and expand it over time. With a formalized document in place, you can prepare your business in case of future crises.
Melissa Lanning Trumpower, executive director at BBB Institute for Marketplace Trust, recently stated that “social isolation is a key risk factor for susceptibility to scams, as is financial vulnerability.” She went on to indicate that we are at an increased risk of online scams in the wake of the coronavirus.
It’s safe to say that we’ll see an uptick in scams and phishing attacks targeting remote workers. Phishing emails will probably be one of the most common—expect hackers to message employees from recognizable emails and names, asking for common information, or linking to a seemingly reputable source.
One wrong step could grant cybercriminals access to sensitive information about your company or customer.
Be diligent about communicating common scams and phishing techniques. Also, monitor new scams and alert your staff to them as soon as you can.
Your team might only work remotely for a few weeks during this pandemic, but these data security practices can help your business long after COVID-19 passes. These are healthy habits that your company should have been practicing before the outbreak but may have forgotten about or grown lax on until there was an increased risk.
Consider setting up annual or even quarterly reviews of your data security practices to make sure you are up to date on everything you can do and your employees know how to keep customer information secure, no matter where they work.