7 best practices for protecting data security in a remote workforce
Years ago, working from home was a pipe dream for most. Today, more than half the world's workforce works remotely at least once a week. As many enterprises already know, remote work brings with it acute challenges to the security of your organization's data that IBM estimates cost an average of $3.92 million per breach. By observing best practices, global enterprises can navigate these hurdles and securely allow remote working to become the new modus operandi.
Is your cybersecurity strategy ready for remote work?
Remote working is on the rise. Since 2007, there has been a 159% rise in remote working in the US1, while globally 52% of employees work from home at least once per week2. This worldwide shift towards remote working is predicated upon the myriad benefits that remote workforces boast.
Robust remote working solutions allow companies to pull from a global talent pool and significantly reduce staff turnover. A two-year study from Stanford University demonstrated that remote employees are, on average, 14% more productive than their office-based counterparts3, with companies reporting an annual increase of $2000 in profit per remote working employee3.
Employees working away from the office avoid workplace distractions and interruptions that cost 20% of daily activity4. It is no wonder, then, that of the 20 companies listed as the World’s Best Workplaces, 12 have active remote working policies5.
Security concerns heighten as remote working accelerates
Though not a new concept, increased remote working imposes a new set of challenges for enterprises. Cybersecurity is principle among these, as threats to data security and the integrity of business systems are compounded by surges in remote accessibility. Ensuring that your digital workplace is secure from potential threats and your enterprise’s data are protected is a business priority.
Public holidays, for instance, present periods of increased remote working as employees seek to work from home to be with their families. The global COVID-19 pandemic – a watershed moment for remote working – forced enterprises around the world to test their capacity to transition towards an entirely remote workforce. Dramatic influxes in remote workers, whether from seasonal shifts or widespread work from home policies, lead enterprises to evaluate whether they have the necessary security provisions in place to cope.
Remote working is evidently here to stay; a necessary function of the modern way of working. Unily has prepared this guide of best practices, top tips, and questions to ask your SaaS provider to ensure that your enterprise’s digital workplace is secure and ready for the inevitable rise in remote working.
Top tips to prepare your systems for remote working
Evaluate your technology
As the number of employees working remotely rises, your enterprise must be able to handle an increase in users logging in away from your local network. Remote users may need to use different software or processes to access tools and share data with others as they collaborate remotely. Make sure all systems are updated and tested to manage the increased strain a rise in remote working will place on your systems.
Provide staff training
Training staff to keep software updated is vital to mitigating risk, but in the event of a cybersecurity breach, employees must know how to report incidents. Creating a blame-free culture for event reporting encourages people to flag incidents immediately so that you can act quickly on potential threats. You should also consider publishing how-to guides on your intranet so remote employees can find help if they run into any issues.
Secure all devices
Employees using devices away from the workplace increases the risk of theft. Fortunately, most devices include tools that remotely lock access to the device, encrypt data at rest, erase stored data, or retrieve backups. Mobile device management (MDM) software can set up this type of standard configuration, ensuring compromised, lost, or stolen devices don’t pose a threat.
Set up accounts and passwords
Preventing the wrong people from accessing your data is crucial. Multi-factor authentication and single sign-on security alleviate the burden on employees to remember several complex passwords, reducing the chance of them setting up weak passwords easily cracked by malware. Setting up all accounts with the correct privileges and permissions prevents unauthorized users from gaining access to sensitive information and putting your enterprise’s data at risk.
Set policies for removable media
Reduce the chances of removable media introducing malware to your systems by using the latest antivirus tools, encrypting data at rest, only allowing products supplied by your organization, or by disabling them altogether in your MDM settings. If disabling removable media, ask remote workers to transfer files with corporate storage or collaboration tools instead.
Train for vigilance
Phishing scams, unassuming spyware trojans, and crippling ransomware will bring your systems to a crashing halt given the chance, so it’s essential remote users know how they can help defend against cyberattacks. Have the proper protocols in place to detect breaches before they can wreak havoc and train employees to spot phishing emails, run antivirus scans, and avoid unverified downloads while using your systems.
Control access to your systems
Remote access to your digital workplace should be encrypted so no third parties can tamper with information sent between servers and clients. Transport layer security (TLS), typically provided by virtual private networks (VPNs), makes data sent between communicating services and users private and secure. If using a VPN, you may need to purchase additional licenses or bandwidth to prepare for more remote users.
How to fuel a positive culture for remote workers
Even under normal working conditions, cultivating a positive culture is both a challenge and a priority. Remote work can add an additional layer of complexity because it’s more difficult for dispersed workforces to unite under one vision. Paired with proper strategy and open lines of communication, the right set of digital tools can fuel a positive culture that boosts employee satisfaction and encourages every user to reach peak performance.
Nine questions to ask your SaaS provider
If your organization is seeking to scale up the level of home working for the future, there are nine questions you should ask your SaaS provider to evaluate whether they have the provisions in place to allow employees to log in and work remotely safely:
#1. Does your SaaS provider protect data-in-transit between systems and users?
Organizations must verify whether their SaaS provider protects data-in-transit and encrypts data between the client and SaaS platform. If your SaaS provider doesn’t protect data-in-transit, a rise in remote working will put your organization at greater risk of cyberattacks.
#2. Does your SaaS provider have industry best practice certification?
SaaS providers are required by law to attain certificates that verify their compliance with industry best practices. If your SaaS vendor has attained ISO271001 compliance and SOC2 audit accreditation, you can rest assured that even an entirely remote workforce will not leave your systems open to potential threats.
#3. How does your platform protect and authenticate APIs?
If your digital workplace utilizes APIs, you must verify whether your SaaS provider protects them via authentication methods. If they do not, any potentially sensitive information returned by API queries – when applications interact with your platform – is unprotected. This means that any time a remote employee accesses a tool or application to carry out their role, your enterprise’s data may be at risk.
#4. Does your SaaS provider allow for user privilege separation?
External contractors shouldn’t be able to view the same documents that a C-suite executive can. Solutions that allow varying levels of user privileges can restrict the access employees have on your digital workplace according to what they need. By enforcing assigned privileges with rigid authorization methods, you determine exactly what each user can or cannot see, thereby ensuring the security of business-critical data.
#5. Does your provider utilize multi-factor authentication?
Multi-factor authentication, such as OAuth 2.0 in combination with OpenID Connect, grants access to a site or application after users present two or more pieces of evidence, like a password and a verification code sent by SMS. Your SaaS vendor should use these protocols to allow remote workers to safely switch from one integrated application to another from your digital workplace with single sign-on security.
#6. How does your platform collect logs of events?
Event logs trace and record all users accessing your systems. Your SaaS provider must generate all relevant security-critical logs so that your enterprise’s data remains secure in the event of a cybersecurity threat.
Unily, for instance, retains nearly 10 Terabytes (TB) of logs per month across its client base and records 1.6 billion activities of events in a typical week. Of these events, only 0.0000025% are flagged as incidents requiring manual investigation.
#7. Does your SaaS vendor make logs available to clients?
You should also ask whether your SaaS provider makes these logs available to clients. Security-critical event logs allow you to learn from previous threats and reinforce your cybersecurity in response. For your enterprise to audit, monitor, and evaluate the security of your systems, you will need access to these logs.
#8. Does your platform include clear incident response to patching and security issues?
If by analyzing logs you uncover a security issue, you need to know if your SaaS provider has an incident response and patching system in place so that you can quickly remedy any publicly reported issues. A simple way of evaluating this is to use your provider’s previous track record with patching and security issues as a litmus test to assess how they may cope with problems that arise from an influx in remote work.
#9. Does your SaaS vendor provide clear and transparent details on a product’s security features?
Finally, the SaaS provider behind your digital workplace should make details available on its implemented security features and how you can best configure them to remain secure with a remote workforce. In short, how easy has it been for you to get answers to the above questions?
Your enterprise’s security demands the best
If you’re looking for a secure employee intranet remote working solution, speak to one of our digital workplace experts today to learn more about how Unily keeps your business’ valuable data under lock and key.