Cyber Security used to be considered CIA (Confidentiality, Integrity, Availability). We need to be thinking of this as CIA+S, where S is for safety.
How is my data kept confidential? How is the Integrity ensured? Are audit logs maintained to demonstrate the claims of integrity? If my data is available, how do I make use of it? If there is a backup of the data, how long until I can access the information? Read more about CIA here.
These concepts are as valid as ever, but there is an even more important idea we need to bring into the dialog -- Safety.
Ever click on a link in an email accidentally?
We often think of security as a perimeter, and then once you're on the inside, all is good. But that is a flawed assumption. An unauthorized user, or even perhaps an ignorant one, can cause damage. We have all been ignorant users at some point in our journey ( at least I have been ). Ever click on something accidentally!?
Sometimes I sound like a broken record. I've said this time after time. Business leaders need to continue to educate employees about data security and how everyone is responsible for protecting it. Keeping it safe!
Business owners also need to initiate certain practices and procedures that will strengthen data security within their businesses.
Remote workers must prioritize data security education and safe practices, then commit to those measures. The responsibility is the business owner and the employee.
5 ways to work remotely and not sacrifice security/safety along the way
1. Ensure all internet connections are secure and employees are using VPN (Virtual Private Network) before signing on to public Wi-Fi networks.
2. Keep Passwords strong and unique and use a password manager. Password safety is no joke, using the same password from device to device and program to program opens up a huge risk to your data and sensitive information.
3. Rely on Two-Factor Authentication (2FA) which confirms a user's identity by first requiring a username and password as well as another piece of information such as an answer to a "secret question" or a code sent to their cell phone.
4. Use encryption software to protect employees devices. If a device is lost or stolen the sensitive data or information can not be accessed by unauthorized users.
5. Update all firewalls, anti-virus and anti-malware software especially if you are allowing employees to use their personal devices (BYOD) for work. Personal devices do not have the same level of protection installed.
Remote work does not have to jeopardize data security. Once remote workers are educated and these top cybersecurity procedures are implemented, they can quickly become standard practices that everyone in a company can commit to with ease — and everyone within the organization can feel confident that they are doing all they can do to protect the security of their employer’s data.
Remember, all employees don't have the same level of technical expertise, so any organization concerned about their data security should be prepared to offer technical support help. Feel free to reach out to navitend if you are looking for additional technical support.
Contact us at 973.448.0070