If you’re a business owner or company with a virtual workforce, then you’ve probably had some questions about security. With on-site employees, you can force physical controls and other policies to keep your devices and data secure. If your employees are working from home sometimes—or even all the time—how can you be sure that your information is safe?
In 2014, a report by the Ponemon Institute found that 43% of the companies surveyed had been through a security breach in the previous year. Those numbers aren’t good, but those breaches aren’t all due to some highly technical vulnerability that will cost tens of thousands to fix. Some of the most often-used vulnerabilities are the easiest things to fix—and they’re things you can start doing right now.
Check Your Device Policies
Imation conducted a study in 2014 of workers in Germany and the United Kingdom that found over a third of office workers or someone they knew either personally lost or had a device stolen while in a public place. Even more disturbing is that 75% of those devices, according to survey respondents, had work data on them—including proprietary company information or confidential customer data.
Many employers allow employees to use their personal devices for work—and while that can spell big trouble, with a virtual workforce you don’t have much of a choice. Your company’s data—no matter how confidential—is only as safe as the weakest device it’s on. If you’re spending money to secure your data but your employees can use their personal devices to access it, then your company’s data is protected by whatever security exists on that device. Considering 34% of smartphone users don’t even secure their phone with a 4-digit pin let alone a strong password, that doesn’t bode well for your company—or the customers who trust you.
If you have virtual employees who use their own devices, then make sure that all parties understand the risk. Have employees who wish to use their personal phones or laptops sign a waiver saying they understand that in the case of a security breach, loss of theft of the device, the company may be forced to remotely wipe it to protect work data—or consider other measures that will make virtual employees think twice before being sloppy with company data.
Check your written policies; make sure that they accurately explain the risks and talk to your virtual workforce about any changes you want to make to security practices in your virtual workplace.
Understand the Human Factor
The simplest way for a hacker to gain access to unauthorized data is simply to just ask an employee for it. Social engineering—the practice of tricking people into giving up information—is a common practice for malicious hackers, corporate spies, and others with nefarious plans for your company data. With a virtual workforce that doesn’t personally know each other, pretending to be another employee or someone who needs access can be even easier.
The 2016 Verizon Data Breach Investigations Report noted that the human-based attacks are increasing in both frequency and sophistication; the report found 9,576 phishing incidents in 2015. Phishing is an attempt to get an employee to click on a link or install a program that offers the attacker access—but phishing isn’t the only way an attacker can victimize your virtual employees.
Pretexting is another attack you might see with a virtual workforce. Where a phishing attack tries to trick an employee into taking an immediate action, pretexting works off an established trust between the attacker and the employee. An attacker looking to exploit your company or steal data may contact one of your virtual employees while pretending to be another employee, vendor, or other authorized party.
It’s not enough for you as a business owner to understand the ways that human factors affect your security—your employees need to understand it too. Talk to them about the various types of attacks and help them recognize an attack when it happens.
Protect Your Network
You can train your employees to be on their guard when it comes to security practices, and you can get the device situation under control but if those devices are connecting to your data on an insecure network then all your efforts are for nothing. Virtual workers connect on their home networks—or even public wi-fi such as their local coffee shop.
Any avenue leading to your company’s data needs to be protected, and that includes your network. You don’t need to invest in secure servers or huge IT solutions; you can get a fast, secure virtual private network (VPN) that can protect you and your employees for a very reasonable cost. A VPN encrypts connections and protects the data being sent.
The number of security threats facing any company is constantly shifting and growing. Those who use a virtual workforce may find themselves even more vulnerable. Taking the steps above, however, can give you an advantage—and ensure that no matter where your employees are, your data is safe and secure.
Bill here from PixelPrivacy.com. My blog is all about making the world of online security accessible to everyone. I pride myself in writing guides that I’m certain even my own mom could read! Be sure to head over to my blog if you’re interested in keeping your private information just that: Private!