Data can be extremely valuable, and defending it is serious business. With the countless high-profile data heists that have occurred over the last few years, it hardly needs to be said anymore that effective data security is critical to any business or organization with an online presence. And of course, a large and growing amount of commerce now happens online, making good data security practices essential to virtually any organization that wants to have a meaningful footprint.
Properly securing sensitive data isn't just a challenge for the organizations that house it, however. All individuals who handle the valuable data stored away at such places have a duty to keep their own personal systems secure as well. After all, the more people who have access to important data, the more potential entry points are available to hackers looking to steal it.
Why You Should Keep Your Data Secure
The recent COVID-19 outbreak has only compounded these challenges. Increasing numbers of tech workers now have to work remotely. While this arrangement certainly has its advantages and allows many businesses to continue functioning, it also adds an extra layer of problems for security teams and gives them new variables to consider.
Whether you're a tech support specialist who has access to key customer accounts, a software engineer tasked to work on a crucial company project, a server admin who updates and interacts with crucial company data, a Scrum Master, a project team leader, a cybersecurity professional or any other kind of worker who uses important company files every day, working remotely requires you to be on your game in ways that go beyond the typical data security demands at the office.
When you work remotely, you and the rest of your remote team will be exposed to a host of new dangers that can basically be divided into two categories: digital threats and personal threats. Digital threats are the technical means by which data thieves and other hackers might try to break into the computers that you use as you work from a home device. From there, they can gain access to the crucial company machines to which your computers have access.
Personal threats, however, are more amorphous and therefore harder to guard against. These usually involve hackers using clever social engineering trickery to get you to reveal important company data to them inadvertently. They can also involve hackers physically stealing your machine, eavesdropping on you, implanting malicious code on your device via a USB drive or some similar nefarious tactic.
Below, we'll offer you five indispensable steps that you need to take to keep your personal and company data secure from both of these kinds of threats as you work remotely.
5 Steps To Protect Your Data
1. Encrypt, Encrypt, Encrypt
Proper encryption is the holy grail of cybersecurity. In one way or another, it's at the core of every effective cybersecurity technique and practice. In a nutshell, it's a technique to make data exchanged between computers unreadable to all those who do not have a unique decryption key. Without this key, even if hackers intercept any encrypted data you send out, they will not be able to use it.
Perhaps the best-known use of encryption is in VPNs. A VPN, or Virtual Private Network, is a security tool that puts a layer of encryption between your computer and every other computer from which it receives traffic. With a VPN, your computer will behave as if it's connected to a private network.
All outgoing traffic will be encrypted, and only traffic from certain pre-approved sources will be accepted. When you're working with a remote team that can't directly connect to your company's private network, this is an essential tool.
But encryption can do much more than this. When working remotely, you should get into the habit of encrypting every work-related device and every piece of work-related data. This includes hard drives, e-mails, customer credit card data on your servers and everything else that's important.
2. Implement a Zero Trust Security Strategy
Zero Trust is a cybersecurity methodology that maximizes data security. It does this in multiple ways.
First, it requires multi-factor authentication from anyone seeking to access any part of a company network. Just knowing one password is not enough. You may also be required to answer a series of security questions or to provide multiple passwords in sequence before being granted access. Thus, even if a hacker successfully discovers one password, this may not be enough to result in a data breach.
Secondly, Zero Trust insists on network segmentation. Segmentation is the practice of splitting a company network into parts, sealing those parts off from one another and granting workers access to only some parts and not others, depending on their roles in the organization.
Doing this sharply decreases the probability of a major data breach. Even if one worker's data is compromised, this need not result in catastrophe for the company as a whole, and it need not mean that other workers' data is also in danger of being stolen.
If you are in charge of a team of developers, are a server admin or have any other kind of role that gives you significant access to lots of company data, it is in your interest to make all those working remotely adopt Zero Trust methodology.
3. Educate Team Members About Social Engineering
Despite what people might see in hacker movies, most data breaches don't happen because the hacker exploits some obscure technical security hole in a system. Encryption, VPNs, network segmentation and other protocols are usually enough to stop such things in their tracks. Instead, most hacks originate through the clever use of social engineering.
The term "social engineering" refers to the so-called human element in hacking. Hackers have often called up company personnel, posing as fellow employees and claiming to have "forgotten" some important password. Thus duped, the unsuspecting employee gives away valuable information and exposes his company to a hack.
All remote workers should be told, in no uncertain terms, never to share any kind of company data with anyone unless they explicitly know that the person in question has a right to access it. This includes encryption and decryption keys, passwords, answers to security questions and the like.
If you are a scrum master or any kind of team leader, you must teach your team members to be on the lookout for social engineering. If you are a security engineer, you similarly have a responsibility to tell your colleagues about this.
4. Only Use Work Computers
Companies that take cybersecurity seriously should provide all of their remote workers with specially-designated work computers on which to conduct all company-related business. These computers will typically come with security features like VPN access, encrypted drives and anti-virus software.
Most remote workers at most companies do not have comparable security features on their personal computers. Even if you're a cybersecurity expert and the encryption on your personal computers is top-notch, it's still a good practice to use the work computer anyway. Connecting a strange computer to your company's network always carries some risk of a breach.
And if you work in some part of IT outside of cybersecurity, you might miss some vital security patches and updates that the cybersecurity team provides if you just work through your personal computer. What all of this means is simple: never succumb to the temptation to do any work-related task, no matter how simple, on your personal computer. Always use your work computer.
5. Practice a Little Constructive Paranoia in Your Day-to-Day Dealings
Many things can fall under the heading of what we mean by "constructive paranoia." Before we get into a few specific suggestions on how to implement this tip, first try to think of it in general terms as a specific kind of mindset. Once you do this, you'll be able to implement even more techniques to safeguard your data while working remotely than the ones we suggest to you. You'll be able to come up with your own useful precautions.
In brief, always remember that the computer you use while working remotely must never fall into the wrong hands. It must never be used by anyone who is not authorized to use it, and none of the data on it may be accessed by anyone who is not meant to access it. Once you have this firmly in mind, be aware of the kinds of situations in which you might find yourself in daily life and how those situations can open you up to data breaches.
Here are some suggestions on how just a little bit of caution and paranoia can help you secure your data:
- Don't Use Public Wi-Fi: This should be a no-brainer. Anyone can access a public Wi-Fi network, including hackers. You are better off assuming that every public Wi-Fi network is compromised. Don't use them. Your best bet is to stay home and use your company's VPN to do your work. If you have no choice but to do remote work somewhere other than at home, always either work over a personal hotspot or use a VPN.
- Never Leave Your Computer Unattended: Don't leave your computer sitting by itself in your car. If you're in a public place like a café, don't leave it sitting unattended for any length of time. These are all perfect opportunities for hackers to potentially steal your machine out from under your nose. Even if they don't steal it, they can use a moment when you aren't looking to slip in a USB drive and install malicious code that will allow them to hack you.
- Never Use Unknown USB Drives: Speaking of USB drives, since they're such common vehicles for delivering malicious code, you should never plug a USB drive into your computer if you don't already know everything that's on it.
- Lock Your Doors and Windows: This is an obviously wise practice in general, but it might seem strange to mention it in a list of tips for securing your data. Data thieves can be extremely brazen, however. If the company data on your machine is valuable enough to them, they will stop at nothing to steal it. You can't afford to take any chances.
About the Author: Shane is the founder and CEO of Los Angeles software development agency ClearSummit, and the co-founder and CTO of TuneRegistry, a music rights SaaS platform. He also provides consulting services to startups and enterprise companies. Prior to working in the agency space, Shane built news media backends and part of the FAA's air traffic control system. He has a B.S. in Computer Engineering from UVA. He has a passion for efficiency and combining the best tech and design to solve complex problems.