The number of people working remotely rises each year as organizations look to offer more flexibility and reach further outside of their immediate radius when looking for talent. Working remotely has many benefits and some even believe remote workers outperform office workers. However, there are some risks to data security that present themselves more often through remote workers than anywhere else. In this blog we will go through six ways you can make sure that your remote workers are keeping their data secure.
1. Use a Password Manager
Weak, lost or stolen passwords remain one of the greatest security threats faced by organizations, and according to a recent survey carried out by Keeper, the vast majority of internet users reuse their passwords. If a hacker was able to gain access to just one set of credentials, they have the potential to access far more sensitive data than they otherwise could.
Additionally, the way we record our passwords needs a lot of improvement. 76% of us either write our passwords down or simply try to remember them. 33% of respondents take 3 to 4 login attempts to remember a forgotten password, and 60% have had to reset a password in the past 60 days. To make matters worse, some people are still using passwords that are already known to hackers, such as 123456, password, qwerty and so on.
A password manager, such as Keeper, 1Password or LastPass, will save passwords in an encrypted vault which is protected by a master password. They can also generate secure passwords for you.
2. Check for HTTPS in the Address Bar
When browsing the web, especially when accessing websites which require the transfer of personal data, it is important to look out for HTTPS on the address bar of your web browser. The ‘S’ part stands for ‘Secure’ and means that all communications between your browser and the website are encrypted. Not every website uses HTTPS, in fact only 65.2% of the top websites use this security measure. However, there is a chrome extension called HTTPS Everywhere, which “automatically switches thousands of sites from insecure “http” to secure “https”.
3. Keep a Close Eye on Your Finances
Should an attacker gain access to your bank or credit card details they will likely try to use this information to make payments from your account. In addition to the loss of funds, such fraudulent activity may impact a person’s credit score. Most financial institutions allow their customers to setup notifications on their account and there are services which allow customers to monitor multiple accounts at the same time. Receiving real-time alerts when transactions are made will allow customers to identify suspicious behavior in a timely manner and reduce the response time.
4. Use a Virtual Private Network Service
A Virtual Private Network (VPN) is a service which creates a secure and encrypted connection over an insecure network, such as a public Wi-Fi hotspot. A VPN will ensure that all browsing, and communications are encrypted, which means that even your ISP will not be able to see what you are doing. If you are a remote worker, using a VPN is essential to keeping your data secure./p>
5. Purge Your Cookies
Websites use cookies for a number of reasons, such as keeping track of items added to a shopping cart or recording a user’s browsing activity. The data collected would be classified as personally identifiable information (PII) and could be used for more nefarious purposes. What’s more, web browsers don’t always authenticate the domains that set cookies, which allows hackers to inject cookies into standard HTTP connections. Such techniques have even been known to break HTTPS security. It is a good idea to delete all cookies in your web browser. This may result in a loss of browsing convenience, but it is better to be safe than sorry.
6. Be Vigilant
Phishing or “social engineering” scams are commonplace in today’s digital world. They work by trying to trick their targets into opening a link to a malicious website, downloading an attachment containing malware, sharing login credentials, or any other type of sensitive information. There are many different types of phishing techniques, such as spear phishing, CEO fraud, Pharming, Dropbox/Google docs phishing, and more. Recently, we have seen a rise in Formjacking, which is where hackers inject JavaScript code into a web form to steal a user’s credentials, payment information, etc. Remote workers must be vigilant when it comes to verifying links and email addresses and identifying suspicious functionality on web-forms.