7 best practices for protecting data security in a remote workforce

Years ago, working from home was a pipe dream for most. Today, more than half the world's workforce works remotely at least once a week. As many enterprises already know, remote work brings with it acute challenges to the security of your organization's data that IBM estimates cost an average of $3.92 million per breach. By observing best practices, global enterprises can navigate these hurdles and securely allow remote working to become the new modus operandi.

Is your cybersecurity strategy ready for remote work? 

Remote working is on the rise. Since 2007, there has been a 159% rise in remote working in the US1, while globally 52% of employees work from home at least once per week2. This worldwide shift towards remote working is predicated upon the myriad benefits that remote workforces boast.

Robust remote working solutions allow companies to pull from a global talent pool and significantly reduce staff turnover. A two-year study from Stanford University demonstrated that remote employees are, on average, 14% more productive than their office-based counterparts3, with companies reporting an annual increase of $2000 in profit per remote working employee3

Employees working away from the office avoid workplace distractions and interruptions that cost 20% of daily activity4. It is no wonder, then, that of the 20 companies listed as the World’s Best Workplaces, 12 have active remote working policies5.

Security concerns heighten as remote working accelerates 

Though not a new concept, increased remote working imposes a new set of challenges for enterprises. Cybersecurity is principle among these, as threats to data security and the integrity of business systems are compounded by surges in remote accessibility. Ensuring that your digital workplace is secure from potential threats and your enterprise’s data are protected is a business priority.

Public holidays, for instance, present periods of increased remote working as employees seek to work from home to be with their families. The global COVID-19 pandemic – a watershed moment for remote working – forced enterprises around the world to test their capacity to transition towards an entirely remote workforce. Dramatic influxes in remote workers, whether from seasonal shifts or widespread work from home policies, lead enterprises to evaluate whether they have the necessary security provisions in place to cope.

Remote working is evidently here to stay; a necessary function of the modern way of working. Unily has prepared this guide of best practices, top tips, and questions to ask your SaaS provider to ensure that your enterprise’s digital workplace is secure and ready for the inevitable rise in remote working.

man checking servers for security breech

Top tips to prepare your systems for remote working

Evaluate your technology

As the number of employees working remotely rises, your enterprise must be able to handle an increase in users logging in away from your local network. Remote users may need to use different software or processes to access tools and share data with others as they collaborate remotely. Make sure all systems are updated and tested to manage the increased strain a rise in remote working will place on your systems.

Provide staff training

Training staff to keep software updated is vital to mitigating risk, but in the event of a cybersecurity breach, employees must know how to report incidents. Creating a blame-free culture for event reporting encourages people to flag incidents immediately so that you can act quickly on potential threats. You should also consider publishing how-to guides on your intranet so remote employees can find help if they run into any issues.

Secure all devices

Employees using devices away from the workplace increases the risk of theft. Fortunately, most devices include tools that remotely lock access to the device, encrypt data at rest, erase stored data, or retrieve backups. Mobile device management (MDM) software can set up this type of standard configuration, ensuring compromised, lost, or stolen devices don’t pose a threat.

Set up accounts and passwords

Preventing the wrong people from accessing your data is crucial. Multi-factor authentication and single sign-on security alleviate the burden on employees to remember several complex passwords, reducing the chance of them setting up weak passwords easily cracked by malware. Setting up all accounts with the correct privileges and permissions prevents unauthorized users from gaining access to sensitive information and putting your enterprise’s data at risk.

Set policies for removable media

Reduce the chances of removable media introducing malware to your systems by using the latest antivirus tools, encrypting data at rest, only allowing products supplied by your organization, or by disabling them altogether in your MDM settings. If disabling removable media, ask remote workers to transfer files with corporate storage or collaboration tools instead.

Train for vigilance 

Phishing scams, unassuming spyware trojans, and crippling ransomware will bring your systems to a crashing halt given the chance, so it’s essential remote users know how they can help defend against cyberattacks. Have the proper protocols in place to detect breaches before they can wreak havoc and train employees to spot phishing emails, run antivirus scans, and avoid unverified downloads while using your systems.

Control access to your systems

Remote access to your digital workplace should be encrypted so no third parties can tamper with information sent between servers and clients. Transport layer security (TLS), typically provided by virtual private networks (VPNs), makes data sent between communicating services and users private and secure. If using a VPN, you may need to purchase additional licenses or bandwidth to prepare for more remote users.

remote workers culture guide cover

How to fuel a positive culture for remote workers

Even under normal working conditions, cultivating a positive culture is both a challenge and a priority. Paired with proper strategy and open lines of communication, the right set of digital tools can fuel a positive culture that boosts employee satisfaction and encourages every user to reach peak performance.

Download Guide

Nine questions to ask your SaaS provider

If your organization is seeking to scale up the level of home working for the future, there are nine questions you should ask your SaaS provider to evaluate whether they have the provisions in place to allow employees to log in and work remotely safely:

#1. Does your SaaS provider protect data-in-transit between systems and users?

Organizations must verify whether their SaaS provider protects data-in-transit and encrypts data between the client and SaaS platform. If your SaaS provider doesn’t protect data-in-transit, a rise in remote working will put your organization at greater risk of cyberattacks.

#2. Does your SaaS provider have industry best practice certification?

SaaS providers are required by law to attain certificates that verify their compliance with industry best practices. If your SaaS vendor has attained ISO271001 compliance and SOC2 audit accreditation, you can rest assured that even an entirely remote workforce will not leave your systems open to potential threats.

#3. How does your platform protect and authenticate APIs?

If your digital workplace utilizes APIs, you must verify whether your SaaS provider protects them via authentication methods. If they do not, any potentially sensitive information returned by API queries – when applications interact with your platform – is unprotected. This means that any time a remote employee accesses a tool or application to carry out their role, your enterprise’s data may be at risk.

#4. Does your SaaS provider allow for user privilege separation?

External contractors shouldn’t be able to view the same documents that a C-suite executive can. Solutions that allow varying levels of user privileges can restrict the access employees have on your digital workplace according to what they need. By enforcing assigned privileges with rigid authorization methods, you determine exactly what each user can or cannot see, thereby ensuring the security of business-critical data.

#5. Does your provider utilize multi-factor authentication?

Multi-factor authentication, such as OAuth 2.0 in combination with OpenID Connect, grants access to a site or application after users present two or more pieces of evidence, like a password and a verification code sent by SMS. Your SaaS vendor should use these protocols to allow remote workers to safely switch from one integrated application to another from your digital workplace with single sign-on security.

#6. How does your platform collect logs of events?

Event logs trace and record all users accessing your systems. Your SaaS provider must generate all relevant security-critical logs so that your enterprise’s data remains secure in the event of a cybersecurity threat.

Unily, for instance, retains nearly 10 Terabytes (TB) of logs per month across its client base and records 1.6 billion activities of events in a typical week. Of these events, only 0.0000025% are flagged as incidents requiring manual investigation.

#7. Does your SaaS vendor make logs available to clients?

You should also ask whether your SaaS provider makes these logs available to clients. Security-critical event logs allow you to learn from previous threats and reinforce your cybersecurity in response. For your enterprise to audit, monitor, and evaluate the security of your systems, you will need access to these logs.

#8. Does your platform include clear incident response to patching and security issues?

If by analyzing logs you uncover a security issue, you need to know if your SaaS provider has an incident response and patching system in place so that you can quickly remedy any publicly reported issues. A simple way of evaluating this is to use your provider’s previous track record with patching and security issues as a litmus test to assess how they may cope with problems that arise from an influx in remote work.

#9. Does your SaaS vendor provide clear and transparent details on a product’s security features?

Finally, the SaaS provider behind your digital workplace should make details available on its implemented security features and how you can best configure them to remain secure with a remote workforce. In short, how easy has it been for you to get answers to the above questions?

Your enterprise’s security demands the best

If you’re looking for a secure employee intranet remote working solution, speak to one of our digital workplace experts today to learn more about how Unily keeps your business’ valuable data under lock and key.

Citations

1 - https://www.forbes.com/sites/ankurmodi/2019/12/03/is-remote-working-just-another-fad-or-actually-good-for-your-business/#23723ec16955 

2 - https://globalworkplaceanalytics.com/2017-state-of-telecommuting-in-the-us

3 - https://www.inc.com/scott-mautz/a-2-year-stanford-study-shows-astonishing-productivity-boost-of-working-from-home.html

4 - https://www.forbes.com/sites/ankurmodi/2019/05/07/will-ai-save-you-from-bad-managers-in-the-future-of-work/#425e2da46cea

5 - https://www.greatplacetowork.com/best-workplaces-international/world-s-best-workplaces/2019

 

Upcoming events

View all

Latest Insights

  • Why you need to address knowledge decay before it harms your business

    Knowledge is power. Maintaining your competitive edge means protecting the expertise within your enterprise. We all make mistakes, and as the old adage goes, that's ok as long as we learn from them. That's why ensuring knowledge remains alive within your organization is a silent savior when it comes to safeguarding the future progression of any modern enterprise.

  • 7 ways to support the mental health of furloughed employees

    Jun 18 to Jun 24 marks Mental Health Awareness Week. In response to the pressures of a global crisis, mental health has taken on even greater significance within the workplace. Unily is taking this opportunity to show how an employee experience platform can support the mental health of furloughed employees and ensure that people feel ready to return to work.

  • What is the difference between a digital workplace and an intranet?

    It may not be an age-old question, but it's certainly one that puzzles a lot of people. What exactly is the difference between an intranet and a digital workplace? Unily has taken this opportunity to define the two and explain why you need both an intranet and a digital workplace platform to get the best out of your employees.

View all

Where next? Latest insights.

Why you need to address knowledge decay before it harms your business

Knowledge is power. Maintaining your competitive edge means protecting the expertise within your enterprise. We all make mistakes, and as the old adage goes, that's ok as long as we learn from them. That's why ensuring knowledge remains alive within your organization is a silent savior when it comes to safeguarding the future progression of any modern enterprise.

Supercharge employee experience with an intranet - Alberta

We're taking our exclusive Intranet Masterclass online for Alberta. Learn how to supercharge employee experience with an intranet at our FREE virtual seminar.

7 ways to support the mental health of furloughed employees

Jun 18 to Jun 24 marks Mental Health Awareness Week. In response to the pressures of a global crisis, mental health has taken on even greater significance within the workplace. Unily is taking this opportunity to show how an employee experience platform can support the mental health of furloughed employees and ensure that people feel ready to return to work.