Connect with us

Resources

Preventing Data Leaks With Remote Workers

Avatar photo

Published

on

graphs of performance analytics on a laptop screen

 

Despite the many benefits of hiring remote workers, there is a substantial increase in the risk of insider threats and data leaks connected to remote work. This is a standing issue for even experts in the business field, let alone startup owners just venturing into the business world.

Titan Security Europe has operated entirely remotely for a decade. As experts in the field of remote work, we are going to offer advice from a cyber and physical security perspective on protecting your business from data leaks when working with remote employees.

Statistics

Before getting into what you can do to prevent data leaks from your remote workers, it is important to know the facts.

Here are some statistics on the cybersecurity threats when working remotely, according to Wifi Talents:

  • 75% of IT professionals say that businesses are more vulnerable to cyberthreats now that they have switched to remote work.
  • Over 55% of IT professionals think that remote workers are more likely than in-office workers to breach company policies, leading to a higher risk of leaks.
  • 95% of cybersecurity breaches are down to human error.
  • 80% of remote workers do NOT have adequate cybersecurity training.
  • Businesses experience an average of 22 security threats per week due to remote workers.

While these statistics indicate a major issue with remote workers, do not let this deter you from hiring remote workers for your startup company. The benefits outweigh the risks, as long as you successfully manage the risks.

How To Combat The Issues

When it comes to remote workers, there is a specific set of security concerns that may arise with regards to data. There are steps a business and employees can both take to combat these issues.

Unsecured, Vulnerable Hardware

Employees using personal and unsecured devices could lead to data leaks. These devices often do not have the level of security a company device will have, and work files mixing with personal files can lead to negligent leaks.

What can you do?

  • Provide employees with a company device with the below processes installed onto them. If not possible, ensure that employees install the following onto devices they will be working on:
    • Multi-Factor Authentication: A system that only allows users to log in to a device or server by following multiple steps. For example, on top of a password, they must have a code sent to another device, use their fingerprint, answer a secret question, etc. Examples of MFA software include JumpCloud, ManageEngine, Cisco Secure and more.
    • Endpoint Security: The practice of safeguarding all devices connected to a network, Endpoint Protection Platforms examine all files as they enter the network, allowing for malware and threats to be detected quickly. Examples of Endpoint Security include Cisco Secure, WatchGuard, Avast Business Security and more.
    • Encryption Software: File and data encryption softwares installed onto devices used for work protects all data from being amended without authorisation, stolen or compromised. Encryption softwares include Secure IT, Folder Lock and Kruptos 2 Professional.
  • Set up a Remote Work Policy that states that only devices set up with the above programmes can be used for work.

 

What can employees do?

  • Follow your set policy and work only on company provided devices.
  • Where possible, do not use company devices for personal use.

Unsecured, Vulnerable Networks

One of the biggest security concerns for remote work is unsecured and vulnerable networks. While a personal at-home network is normally fine, a public and unsecured network leaves devices extremely vulnerable.

What can you do?

  • By storing data in a server rather than a device’s database (especially a server with MFA or encrypted data) you can ensure that sensitive data will be protected even if a device is logged onto an unsecure network.
  • Data is kept separate to the device, so even if the device becomes compromised through an unsecure network, data is still kept safe.

What can employees do?

  • Avoid public networks when possible.
  • Use personal hotspots or work offline if in public.
  • Use VPNs to secure connection.

Less Oversight on Data Handling

When employees are all working from home, it is far harder for security teams to monitor the handling of data. There are more devices and servers and networks for them to be concerned about. There’s also a risk of employees having their laptops open in public, and members of the public seeing sensitive data.

What can you do?

  • If your data is all held within a server and cannot be downloaded or shared, data handling will become far less a risk.
  • If data has to be downloaded to be used, enforce in your policy that the moment employees have finished with the data they are using, they reupload it to the cloud, and delete it from their device.
  • Implement tracking software into company-given devices for remote workers to use. This will allow security teams to track the data handling on individual devices.
  • Ensure that you have the details of every device accessing your systems locked, so that your security team can use the necessary software to wipe devices of all company passwords, data or documents the moment they are reported lost or stolen.

What can employees do?

  • Report a lost device as soon as it happens.
  • Avoid working in public when possible. When not, ensure no one else can see their screen.

Email Scam and Phishing Susceptibility

Remote workers are, like all workers, at risk of phishing and email scams. Being out of a corporate environment may lead to carelessness and a changed perception, making remote workers more susceptible. Employees are also less able to verify whether an email came from a colleague when they are not in the same room.

What can you do?

  • Circulate conversation. Run seminars on how to spot a potential scam and what to do if an employee thinks they are being scammed.
  • Keep employees in the loop of stories of phishing scams.
  • Monitor employee emails – screen any potential scams.

What can employees do?

  • Send any email they think may be a scam immediately onto a superior.
  • Avoid opening links from people they do not know.
  • Only respond to emails from colleagues and known clients until an email has been screened.
  • Have non-email contact details of all colleagues, such as phone numbers. Use these to verify whether an email was sent by a colleague or not.

Unattended Devices

Much like in offices, unattended devices are a huge security risk – but more so with remote work, as anyone, not even just other employees, could access data held within

What can you do?

  • Password protect any and all data on the device.
    • MFA as mentioned above provides an additional layer of security.
    • Ensure data is encrypted. This jumbles data up into an unreadable format unless a very specific digital key is used. This specific digital key will only be known by employees who need to have access to that data.
  • Ensure that login – with MFA – is needed every time data is accessed, even if said data was only closed down moments before.
  • Employees will only be granted access to the specific data they need by only having the passwords to that data. Sales employees, for example, do not need access to human resource information.

What can employees do?

  • Password protection – McAfee suggests passwords should include upper and lowercase letters, special characters and numbers to ensure a strong password. All work devices should have unique passwords that employees do not divulge to anyone else.
    • MFA: Employees should have a trusted device to send MFA codes to or a personal security question only they will know the answer to.
  • Never leave their devices unattended in public.
  • Ensure devices are locked when they are not being used.

Compliance and Data Regulations

Security teams need to ensure that data practices comply with GDPR regulations.

  • Without a set policy, employees can easily break GDPR regulations with data access and management.
  • By limiting the data employees have access to and implementing security measures as outlined above, complying with legal security regulation will be far easier.

Juggling Security and Employee Trust

It is imperative that you ensure your company’s data is protected from negligence or even malicious leaks and insider attacks. However, it is equally as important that you ensure your employees know that they are trusted.

Juggling security with employee trust can be tricky. Here are some tips and tricks to manage it:

  • Inform your workers. Tell you workers exactly what security measures you are undertaking, and tell them why – it is a safety blanket to protect data, not a trust issue.
  • Give them the facts. Explain that most data leaks come from innocent mistakes and negligence.
  • Allow for SOME privacy. Track what you need to track – databases, company sites, business communications and so forth – but do not track every move made on a device. Employees deserve to not feel as though their every move is being watched.
  • Circulate conversation. Hold virtual meetings where you discuss data leaks, threats and more. Send out stories of data leaks to prove the point being made. Get employees talking about data leaks and what they can do to prevent them.

Conclusion

When it comes to remote workers, it is imperative to consider both the benefits and the risks.

They are efficient and cost-effective for startup companies, as they allow for you to hire workers without worrying about renting out office space. Remote workers also tend to be more motivated, and enjoy the work/life balance of remote work.

However, you must consider and prepare for the potential security leaks. It is not a case of trusting your employees – not when the vast majority of leaks are down to human error. It is about taking all the steps possible to ensure that your remote workers can access the data they need with minimal chance of leaks.

 

Kossi Adzo is the editor and author of Startup.info. He is software engineer. Innovation, Businesses and companies are his passion. He filled several patents in IT & Communication technologies. He manages the technical operations at Startup.info.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Read Posts This Month

Copyright © 2024 STARTUP INFO - Privacy Policy - Terms and Conditions - Sitemap

ABOUT US : Startup.info is STARTUP'S HALL OF FAME

We are a global Innovative startup's magazine & competitions host. 12,000+ startups from 58 countries already took part in our competitions. STARTUP.INFO is the first collaborative magazine (write for us ) dedicated to the promotion of startups with more than 400 000+ unique visitors per month. Our objective : Make startup companies known to the global business ecosystem, journalists, investors and early adopters. Thousands of startups already were funded after pitching on startup.info.

Get in touch : Email : contact(a)startup.info - Phone: +33 7 69 49 25 08 - Address : 2 rue de la bourse 75002 Paris, France