3 Tips for Protecting Remote Employees’ Data was published in Risk Management, where BIA’s Brian Schrader offers suggestions to employers about how to keep company data safe when so many employees are working from home, often on personal devices, physically far removed from the usual corporate security safety net.
Even before COVID-19 sent everyone home from work to work from home indefinitely, cyberattacks and data breaches were on the rise. In 2020 alone, we’ve seen law firms and corporations alike fall prey to major data breaches. Many remote workers are juggling school-from-home and 24/7 parenting as well. When employees have so many balls in the air, when the quest for a quiet space to conduct a conference call feels like the day’s biggest hurdle, the safety of the files they’re accessing on personal devices might not top their list of concerns. But it should be at the top of any employer’s list.
Your employees may be out of sight, but data security should be far from out of mind. Start with some basics:
1. When it comes to Wi-Fi networks, sharing ≠ caring.
While you may not have control over how your employees set up networks and routers in their homes, there are a few simple and relatively inexpensive measures you can take to protect the corporate data being accessed from those remote environments. In addition to implementing multi-factor authentication (MFA), you should require all employees to use a virtual private network. A VPN will encrypt any data flowing to/from employees’ devices to create a secure connection over an unsecure network. Alternatively, you can require that your employees use a personal wi-fi hotspot “puck.”
2. Make the rules, make them personal.
Many employees use their personal devices to do remote work. While public spaces remain closed, the chance of those personal devices accessing company data on unprotected networks at airports, libraries, cafes, etc. may be relatively slim. However, as parts of the country open up and the geographical sphere of “remote” work widens, the data that your employees view on their personal devices (email, attachments, and anything on the cloud) becomes increasingly vulnerable to data breaches. Make sure that your standard security protocols include MFA, sufficient password complexity (and possibly a password manager), and security timeouts. Include in your policies language about the company’s right to access those personal devices, and adopt a need-to-know basis policy for shared corporate docs containing sensitive data.
3. Educate, educate, educate.
Hands down, your company’s top defense mechanism against phishing attacks and malware attempts is a well-trained and highly attuned workforce. Keep your employees up to speed on: types of threats (internal and external) to be on the lookout for; newest tools and tactics that hackers use; how to choose strong passwords; and how to keep cyber security and common sense at the forefront of their minds whenever they’re online.
BIA can help.
For two decades, BIA has been helping law firms and companies protect data and respond to data breaches. Do you need help drafting policies and protocols that are current and applicable to the WFH era? Our experts are ready to help. Have you had to manage layoffs and collect devices from remote workers? Check out our additional tips on how to protect company data when laying off remote workers. Tired of reading a screen? Listen to Brian Schrader discuss WFH data security tips on Above the Law’s COVID-focused podcast series.
It’s WFH o’clock.
Do you know where your data is?
Learn more about how to keep your corporate data safe in the hands of remote employees.