The year 2020 may be well behind us, but the changes made at the start of the pandemic are most likely here to stay. Many companies that allowed employees to work temporarily from home last year are now providing greater flexibility for the future. This notable shift within our “new normal” has resulted in numerous benefits, including greater levels of employee productivity.
Unfortunately, amidst all these positive changes, a new concern is arising––data security. In today’s remote environment, the security measures company’s took at their physical office location are now mostly obsolete. Now, a lack of cybersecurity training, poor password management, insecure Wi-Fi connections, and other concerns threaten the sensitive data these companies worked so hard to keep secure and protected.
In this blog post, we’re discussing the critical issue of data security and the steps remote employees can take to protect themselves and their company while working from home.
Why remote workers need to emphasize data security
Data security for remote workers is one of the leading conversations around the new normal of working from home. At the simplest level, most home or public connections are just not as secure or safe as a company’s encrypted network systems. More concerning, nearly 70% percent of employees stated that they switched between their company and personal laptops to work. Over 30% said they let friends and family use their work devices for personal tasks.
The line between home and work has become blurred, making remote employees more vulnerable to cyberattacks than ever before. And without a company’s ability to manage and safeguard the home and public networks in use, these employees are at an ever-increasing risk of falling victim to hackers. Remote employees not only need to understand the importance of data security, but they also need to take action to prevent unwanted attacks.
How to promote data security while working remotely
Taking additional security measures is critical if you work from home. It’s equally important that all employees remain proactive and serious about safeguarding sensitive data. Follow these guidelines to help keep yourself and your company safe outside the office.
1. Connect to a hotspot or use a VPN
If working from home has now evolved into working from a public cafe, there are considerably more risks to using a public Wi-Fi network. An open network presents two main problems: a device connected to an insecure network is automatically vulnerable to hackers and also at risk for a criminal shoulder surfing as you work.
If you are working in any public location, whether a cafe, airport, or friend’s home, it’s important to provide as much security or encryption on your laptop as possible. Instead of connecting to public Wi-Fi, use a personal hotspot on your phone or another trusted device. If this option does not provide enough security, connect to a virtual private network (VPN) instead. A VPN routes an internet connection through a secure server that hides your activity while you’re online.
2. Use strong passwords and a password manager
Password safety is another simple, yet often overlooked, way to protect data while working remotely. While it’s not easy to remember more complex passwords, taking the extra step to create a strong and well-protected password could make all the difference. Passwords require a minimum length of at least seven characters, and they must contain both numeric and alphabetic characters. To further protect your passwords and data, set up multi-factor authentication so that you can further validate your login with a PIN number or security code that is accessed from a separate device.
An easy way for companies to help keep employees safe is by adopting a password management software like LastPass. These platforms require only one complex password and/or multi-factor authentication to gain access to all the websites, emails, and other company resources that are password protected. This reduces the risk of employees reusing one password across platforms, and it also makes it easier for both the company and their remote workers to manage and protect their access to private software.
3. Keep work and personal separate
The temptation to use personal devices for work purposes (and vice versa) can be much higher for employees that work from home, and that’s why education is key. Many companies routinely install updates, complete antivirus scans, or block websites on verified work devices, but these safeguards won’t make it to personal laptops and phones.
Stay proactive about following all the cybersecurity guidelines your company has in place, including keeping your work devices separate from your personal life. In the event that you do need to use a personal device for work, contact your company security team to ensure you have as many safeguards set up as possible.
4. Stay alert for phishing or other attacks
Common cybersecurity attacks like phishing, social engineering, and shoulder surfing can quickly lead to a data breach for your company. At all times, a best practice is to remain on high alert for these hacker attacks.
Modern phishing attacks are often sophisticated, making it more difficult to discern whether an incoming email is legitimate or not. If a phone call or email seems suspicious, first report this activity to your security team and wait for their instructions. Similarly, when working from a public place, be wary of onlookers who may be attempting to gather data over your shoulder.
5. Participate in routine cybersecurity training
Sophisticated hacking attacks are believable and convincing. And unfortunately, human error is still one of the leading threats to company data breaches. Without the proper training in cybersecurity best practices, you may fall victim to an attack! Especially while working remotely, it’s critical that all employees participate in these training sessions.
Regular cybersecurity training ensures that you and your coworkers are on the same page when it comes to protecting you and your company’s data. Companies should develop both cybersecurity and work-from-home policies to set the right expectations for their employees. For example, at FormAssembly, our entire team completes monthly training that provides education on security threats and awareness while working remotely.
“Routine security awareness training and up-to-date phishing campaigns keep your workforce mindful of the changing security landscape. This is one proactive way to limit human exposure to security threats,” says Chad Cragle, FormAssembly’s Director of Security and Compliance.
How our team follows data security best practices
Because FormAssembly is an industry leader in both data collection and data stewardship, our team understands how crucial it is to keep the sensitive data of our company, employees, and customers secure. We routinely provide company-wide cybersecurity training, complete audits, and participate in security reviews.
Our Security Team regularly provides communication and reminders to help all team members stay alert for cyber attacks and handle them properly. Our company also has an established Privacy Policy, an Incident Response policy and procedures based on NIST guidelines, and is PCI DSS Level 1 and ISO 27001 certified, FedRAMP Ready, and compliant with HIPAA, GDPR, FERPA, and EU-U.S. Privacy Shield.
Safeguard data with FormAssembly
Learn more about how implementing a secure, compliant platform like FormAssembly can simplify and streamline your data collection processes and even help with cybersecurity training!
