More people than ever work remotely, at least part of the week. Here at WorkflowMax, many of our users – and even some of our team – work remotely all across the globe. I myself work from my off-grid eco-home in rural New Zealand. Usually, this is a wonderful arrangement enabling staff the freedom to live and work wherever they want, and to facilitate a great work/life balance. But it comes at a cost.
Security and safety of staff, files, and servers is a huge concern, and as people move out of the office and on to different devices (phone, tablet, laptop), this concern becomes even more pronounced. It’s much easier to control access and educate about security measures when all the team is in the same building, but with team members scattered across the globe, sometimes things go wrong.
A security breach can have disastrous results – anything from days of lost productivity while a virus is cleaned up, to hackers access clients private files, or IP lost to competition through deliberate corporate espionage. While all these things are extremely unlikely to happen, the more vigilant you are and the more your remote team use safety and security best practice, the better your protection will be.
In this article, I run through some of the basic tips to keep not just your data safe, but your team, too.
General Safety Tips
This article is mainly going to focus on IT security and the safety of files and stored data, but it’s important to ensure that you adhere to other recommended safety tips, as well. With employees scattered across the country (or the globe) you can’t keep tabs on exactly what they’re doing, so it’s important they understand basic safety guidelines, such as:
- Make sure that – if you’re working alone – someone knows where you are at all times. Stay in contact with your team so they can find you if they need you.
- Don’t answer phone calls, text, or check email while you are driving or operating machinery.
- Obey instructions given to you by authorities, police, civil defence, airline crew, and other experts.
- Make sure you have a plan, in case something goes wrong. For example, when I work from home I am often alone, but I’m on good terms with my neighbours so if something goes wrong, I can call on someone who is only 50m away.
- If you feel uncomfortable in a public space, it is perfectly OK to get up and move.
- Trust your instincts and don’t do anything that makes you feel uncomfortable.
Keeping Your Computer Secure
When we’re in the office, we have the security forces of our company to fall back on. Viruses are caught early by the IT team, password changes are forced upon us by automated reminders, and regular security checks keep most threats at bay.
However, when you work remotely, it can be easy to forget these precautions. Plus, while in your own company you can usually trust the people around you, but out in the “real world” there are all sorts of mishaps that can befall you … and any sensitive company information or IP you may be carrying.
Here are a few tips for ensuring computer security when you’re working away from the office.
- Don’t trust the WiFi: One third of remote workers admit to using an unsecured wireless network, putting their data at risk. Think carefully about whether you need to use the WiFi, or if your task can’t wait until you are somewhere more secure.
- Turn it off: When you aren’t using a device, turn off the WiFi and bluetooth connectivity.
- Consider high-level security: Encrypting a laptop and using secure VPN will help protect extremely sensitive IP.
- Keep your items on you: According to a Code 42 study, one laptop is stolen ever 53 seconds in US airports. Take your taptop with you everywhere, and if you’re feeling tired and think you’ll fall asleep in the lounge between flights, put your laptop into secure storage.
- Switch on the “Find My Device” mode: This can help you locate a device if you accidentally leave it behind or it is stolen.
- Use only secure cloud-based services: Make sure any cloud-based products you use have solid security measures in place to protect your data. Here at WorkflowMax, we use enterprise-level data encryption to ensure no one can access your files unless you let them. Our handy FAQ explains more about data security.
- Use caution with USBs: Never use a USB device unless you’ve had it cleared by your company’s IT team. Recently, security expert Peter Wood of First Base Technologies attended a security conference where organisers handed out USB sticks with conference information. Wood discovered the USB sticks included not one, but three pieces of malware. The conference organisers were appalled when they found out.
- Likewise, don’t let anyone else plug in USB devices into your computer, not even if they just need to charge their iPod before a long plane ride.
- Create complex passwords: Passwords should not be words, sentences or easily identifiable sequences of numbers. It’s best to use a long string of characters, incorporating numerals, letters, and symbols. You can use a tool like LastPass to help you create and remember all your different passwords.
- Practice good password security: Follow the basic tenets of password security. These include:
- Using different passwords for your accounts, and not using the same passwords for work and personal accounts.
- Changing passwords every 90 days.
- Not writing down passwords or storing them in files (unless you’re using an app like LastPass.)
- Generating strong passwords.
- Auditing passwords frequently to ensure you’re keeping abreast of latest security practices.
TIP: To help me remember passwords, I like to choose some song lyrics I remember and use the first letter of each word in the line. This way I can remember long strings of letters with ease. You could also try this with movie quotes or lines from poetry.
Remember, if a device is stolen, don’t try to recover it yourself. Alert police or security.
Recognising Phishy Emails
One of the biggest risks to company security are phishing emails or websites. These are often sent to people in a large company and addressed as though they come from someone else within that company. They might also appear to be from your bank, credit union, or insurance company.
While internal IT can quickly inform and delete such emails in house, remote workers can often be left out of vital updates on phishing. It’s important to understand the risks of opening phishing emails and what to do when you encounter one.
Phishing emails will often look as though they come from someone within your company. Perhaps saying, “Here are the meeting notes” with a link to download a document. They might direct you to a website that looks identical to your bank’s login page so you enter your password. They may download harmful software onto your computer.
If you receive an email you think looks suspicious:
- Don’t open files or click links! Instead, hover your mouse over the link in the email, and you should see the full URL of where the link actually goes. Does it look suspicious? Just forward the email to your company IT, or delete and forget.
- Check the email address: Does it come from your company’s domain? For example, our company emails have @xero.com at the end? If it doesn’t come from this domain, it’s definitely suspicious.
- How’s the spelling? Phishing emails often come from fraudsters who speak English as a second language. A legitimate company such as your bank or your CEO would not have spelling or grammar mistakes in their emails.
- Don’t reply: Legitimate companies don’t ask for personal details like names and address and credit card numbers over email. Do not reply to these emails or fill in any forms.
For more advice on recognising and dealing with phishing attempts, check out this article.
Security Tips When You Are Using a Co-Working Space
Many remote workers like to use a co-working space, instead of a home office or coffee shop. We’ve talked a lot about the advantages of co-working. Now, here are some tips on staying safe.
When choosing a co-working space, ask about their security precautions. Look for spaces that have:
- Access synchronised to current member status, to ensure only current members have access. (For more information on the problems with key card access systems, see this infographic.)
- An alarm and monitored security.
- Lockable storage cabinets with personal keys if you want to leave items in the space.
- A secure internet connection / WiFi network.
Some spaces incorporate community-watch style security measures, which have proven successful in some instances. See this interesting article on the Indyhall co-working space where members have a 30-day waiting period before being allowed 24/7 access, and then they need to get 3 other key-holding members to say they’re trustworthy before being given a key.
When working in the space you’ve chosen, if you’re dealing with sensitive information, try to choose a desk or orient your workstation so people can’t easily see your screen. Make it a habit to clear recent browser history, delete downloaded files, and don’t allow computers in the space to store your passwords.
Don’t let people into the space unless you know them. Be a good co-worker and ask them who they are and what they’re doing. Be friendly, but also check to make sure a person really uses the co-working space before you let them in.
Security While Commuting
Remote working often involves travel locally or internationally. All of the advice above applies, especially about safety and security in airports. But there are a few other tips to keep you – and your company data – safe and secure while commuting:
- Never leave your bag, briefcase or laptop unattended. This includes any device plugged into a charging station.
- Be aware of who might be listening to your conversations. If you’re speaking about sensitive client data / campaigns (or you are disparaging a client over the phone), then move to a private area. You never know who might overhear.
- Don’t send or open secure data over public wifi in an airport or train station.
- Follow directions of staff regarding use of electronic devices, safety belts, and other precautions. They are there to look out for your safety.
Everyone – whether you work in the office or from the deck of your boat – has a responsibility to be proactive about protecting yourself and your company assets from security threats. No one wants to be responsible for letting loose a virus or losing valuable IP. Think about how you can improve your security practice today – is there one little task you can do (or stop doing) that could improve your security?