During the last two years, more and more companies have chosen to go fully remote — and Openprovider is one of them. As of 2020, we have closed our offices and have converted to working fully from home. Our remote team is a truly multicultural one with people living across 15 different countries, from Canada to New Zealand.
After sharing our lists of remote work tools and remote work best practices, we have now compiled our best tips about security for fully remote companies — a topic so important it deserves its very own post. When the entirety of your work environment is online, without any physical interaction or files, digital security is extremely important. Home digital environments tend to have weak points that offices don’t, and working remotely therefore exposes companies and individual employees to a larger range of cybersecurity risks. In this article, we will therefore be sharing our best practices to optimize digital security within a remote work environment.
Create a company-wide security policy
A security policy ensures that everyone in your fully remote company is aware of what steps they should be taking to maximize security. This policy should include ways to prevent both external (through malicious third parties) as well as internal (through employees accidentally sharing data) threats.
Don’t make your security policy too long and complicated; stick to the issues that matter most. Use clear language to explain what your employees should be doing, how they should do it, and, most importantly, why they should do it.
If security is crucial for your business, consider adding a list of accepted software to your policy. This ensures that your team can only use safe applications that will not put your work in danger. If people want to use a new application, your IT department has to review this software first before the green light is given to implement it.
Other components to consider for your security policy include a password policy, mandatory usage of 2FA and VPNs, and use of a webcam cover. We will briefly discuss each of these components further in this article.
After your security policy is published, share it on a platform like Confluence to make it easily accessible to everyone.
Use strong and secure passwords, and change them often
Encourage your team to choose strong and unique passwords for every single account that is linked to work: from email and Slack to your laptop login. In order to be considered strong, a password should meet the following criteria:
- A minimum of one lowercase letter (a-z).
- A minimum of one uppercase letter (A-Z).
- A minimum of one numeric character (0-9).
- A minimum of one special character (~`!@#$%^&*()-_+={}[]|\;:”<>,./?)
- At least 10 characters in length.
Many people tend to tack on numbers and special characters at the end of a password. To maximize security, it is a good idea to include these characters in the middle of a password as well. If you don’t want to create your own passwords, you can also generate them automatically through a password generator, such as this one from Norton.
On top of this, it is important to use different, unique passwords for each account or device. In case one password is hacked or leaked, this will mean your other accounts are likely still safe. You can use a password manager app like LastPass or Dashlane to keep track of your passwords.
Cybersecurity experts recommend changing your password every three months. In the everyday routine of work, it is easy to forget this. A good way to remind everyone to change their passwords is by sending reminder emails or putting reminders in people’s calendars.
Make sure home Wi-Fi networks are secure
In a fully remote company, most people will be working from the comfort of their own home. This presents risks for network security. While office networks are usually adequately secured by on-site IT teams, not every employee will have paid this much attention to the security of their home Wi-Fi network. Many people may still be using the default passwords of their home networks and may never even have changed them. Changing the password of your home Wi-Fi network to a strong, unique one significantly reduces the chance of getting hacked. Make sure your employees are aware of this and that everyone has updated their passwords.
On top of this, most WPA2 and WPA3 routers also offer the option of data encryption. This option should be turned on in order to ensure maximum security. Another simple step to take is to move the router to the center of your home. This makes it less likely that people outside of your home will be able to access the network.
Use a VPN
Using a VPN should be a core security component for fully remote companies. A VPN re-routes the connection between your computer and the Wi-Fi network that you are using. This hides the location of your computer and encrypts the signal between your computer and the Wi-Fi network, making it more difficult for hackers to access your data. Make sure your colleagues know the importance of using a VPN and are familiar with how it works.
When your company is fully remote, chances are that some of your colleagues will choose to work from a coworking space every now and then. As these places use public Wi-Fi networks, working here is generally less safe than working from a home network environment. Using a VPN is therefore even more of a must in these situations, and it is important to make sure people are aware of this.
We are using OpenVPN, a simple solution to create a private VPN for your company.
Use two-factor authentication
Two-factor authentication (2FA) is a very important step to take in order to keep your data safe. When 2FA is enabled, employees will have to validate their identity after logging in by entering a special code received through text, email, or an application like Google Authenticator. Make 2FA the standard for all of the accounts that you use in order to maximize security.
Use a webcam cover
If your webcam is not protected, hackers could be quietly watching your every move, and you would not even know. Using a webcam cover makes sure that no one can see what you are doing in the privacy of your home. As a fully remote company, it is a good idea to send a webcam cover to your employees to maximize security. If this is not logistically possible, you can also give each of them an allowance to order one for themselves.
Keep your email safe
Working in a fully remote company likely means that you are keeping a lot of important information within your email. It is therefore very important to protect your email account and make sure no one else but you can access it. You can do this by setting a strong, unique password and enabling 2FA for your email. On top of this, consider using tools to make sure hackers and phishers stand no chance against you. EasyDMARC is a great tool that ensures that only people you have authorized can send emails from your domain. This tool works as a great protection against business email compromises and other types of scams that fully remote businesses are particularly vulnerable to.
Build a security-friendly culture
Implementing a set of tools or policies is not enough to truly center security within your company’s values and culture. In order to do this, you need to build a security-friendly workplace. This is a workplace in which all employees feel comfortable with the topic of security and in which open conversations around this topic can take place. Creating a culture like this takes energy and time. This guide on building a security-friendly culture goes more in-depth into what it takes to truly center security within your fully remote company.
Conclusion
We hope this article has been helpful to you. If you run a small to medium-sized business, we have many other articles at Openprovider that might be useful for you, whether you are working remotely or from the office: from picking the best domain name for your website to internet security and organizing your customer service. Check out the articles below:
- How to choose a domain name for your business.
- Website content and domain names: how it works and who’s involved.
- Choosing a hosting provider: your website’s host matters!
- Everything you need to know about SSL certificates, for beginners.
- Setting up a customer service department for a small business.
- Multilingual websites: all you need to know.
- Best practices for fully remote work.