|Dave Pelland has extensive experience covering the business use of technology, networking and communications tools by companies of all sizes. Dave's editorial and corporate experience includes more than 10 years editing an electronic technology and communications industry newsletter for a global professional services firm.|
Remote Worker Cybersecurity
Remote workers can provide a variety of benefits to small businesses, but companies have to be sure they address the potential cybersecurity risk that accompany remote work.
Cybersecurity should be a priority for every team member, but the distant nature of remote work makes it easy for small businesses to overlook the risk to their data as it travels back and forth between team members, your cloud service providers, customers, contractors, suppliers and other people you do business with.
Understanding the types of data remote team members need to work with, and how they will access and share that data, is a key step in developing an effective cybersecurity risk management plan.
The most common cyber exposure to small businesses comes when company data is stored on a device that is lost or stolen, or when an employee or contractor intermingles company and personal data on the same device.
For full-time employees, buying a dedicated company-owned device is a good idea that provides an additional layer of protection in case that phone or tablet is lost or stolen. Before a device is issued, activate its ‘remote erase’ feature so you can prevent unauthorized access to any data stored on a lost or stolen device.
You won’t be able to erase a contractor’s device remotely, so you’re better off restricting the files he or she can access to only those they need to work for you. You can reduce the risk by creating shared file folders, either on your network on a file-sharing service such as Dropbox or Box.
By restricting the areas of your network that contractors are able to access you can limit the damage that someone could do by finding or stealing a device with your company’s data.
In addition, consider speaking with an attorney about adding confidentiality and responsible data use clauses to your contractor agreements. These will signal the importance of the issue to your company’s contractors and can lead to a higher degree of vigilance.
You should also mandate that any employee or contractor report the loss or theft of a device immediately so you can block that device’s access.
Similarly, you will need to block access quickly if a worker quits or you need to terminate them.
Another good protective measure is requiring the use of two-factor authentication whenever someone accesses your files or one of your company’s cloud service accounts. Under two-factor authentication, the service texts a code to the user’s device, and the user enters that code as well as a password. This process reduces the risk of someone using a compromised password to access your network or data.
Another common risk to company-owned data comes when employees or contractors access that data on public Wi-Fi networks. Because the data travels without encryption between the wireless access point and the device, the data is subject to digital eavesdropping by a hacker in the same location. A related threat comes when hackers set up phony wireless access points to try to capture users’ log-in credentials.
In both cases, requiring the use of virtual private network (VPN) software helps mitigate the risk. A VPN encrypts the data as it travels between devices, creating a virtual “tunnel” that protects the data from copying or unauthorized access.
Read other technology articles