Emilia D’Anzica, Growth Molecules™, founder, helps companies grow revenue with actionable Customer Success strategies. Growthmolecules.com
If you were your own customer, would you be happy with the level of data protection you were given?
A 2019 global risk management survey by AON (registration required) noted that banks, government agencies, healthcare, insurance and tech industries all consider cyberattacks and data breaches the No. 1 risk they face. In 2018, the average cost of a data breach was $3.86 million—a number that grew to $4.24 million in 2021.
The pandemic ushered in a new era for remote working. While firms in tech have not been strangers to working from home, many industries that were inflexible on the issue pre-2020 had to quickly adapt to remote practices. Technology has presented a great opportunity, but, as many are discovering, it brings greater risk.
In 2021, we saw the highest number of recorded data breaches. The Identity Theft Resource Center’s 2021 Data Breach Report said there were 1,862 breaches last year, up 68% from 2020. With this in mind, I believe leaders should be looking at what to do when they encounter a cyberattack, not if.
So, how can you secure your remote workers or clients who connect to your network? I’m on the advisory board of a company that specializes in securing payments and payment compliance, and I’m also taking measures in my own company and life to protect my family and identity after experiencing hackers’ attempts to obtain my personal information. Through these experiences, I’ve learned a few ways companies can begin securing their remote teams.
1. Make cybersecurity a top-down strategy.
Building a culture of cybersecurity, establishing secure systems and providing continuous monitoring are the keys to protecting your systems and data. The hackers’ game is strong, and you need commitment from the top in order to protect the data with which you are entrusted. Your IT security is a governance issue, rather than a “technology problem.” There are many solutions, but the most effective strategy begins with building a culture of safety.
2. Know the law, and do better.
In 2018, the European Union implemented the General Data Protection Regulation, the “toughest privacy and security law in the world.” Although the GDPR is an EU law, it imposes obligations on companies anywhere if they target or collect data related to people in the EU. As many organizations have a global presence and see privacy advocacy headed in the same direction, they can stay ahead of the curve by being compliant with the strictest guidelines. I believe it is better to be more secure than to do the current legal minimum and be vulnerable.
3. Enforce your remote security policy.
Your systems are only as secure as your least safety-conscious colleague. Data security is everyone’s responsibility. Today’s workforce sees global enterprises working around the clock and staying logged in as they work from home or work on the road. Multiple devices, internet access points and servers provide potential channels for hackers to find flaws in your system.
Enforcing policy goes beyond requiring a strong password. You can discourage employees from using public Wi-Fi. Security fixes and patches should routinely and promptly be pushed to all users, documented and automated where possible. If you show your teams that you are serious about mitigating risk, it will become part of your organizational culture.
4. Consider your bring-your-own-device policy.
Allowing team members to use their personal devices comes with inherent risk. Your assets are now vulnerable to apps and software installed on those devices. When your colleagues check company emails or connect to a server from a personal device, you increase your overall risk. There are a few ways you can minimize your risk.
• Encrypted virtual private networks can be used whenever personal devices are being used for work purposes.
• Provide training on how to change security settings on personal devices to appropriate levels.
• Provide the latest firewalls, cybersecurity apps and antivirus software for relevant operating systems. Push updates and patches as they become available.
• Provide multifactor authentication to deter unauthorized third-party access.
• Manage user privileges to minimize the damage from potential attacks.
5. Use trusted and secure collaboration apps.
Messaging and collaboration apps are popular, but keep in mind that hackers can use an app with known vulnerabilities to infiltrate your workplace network. If you use these types of solutions, I recommend making sure that complete control rests with the enterprise and not the remote workforce. For example, you should be able to turn off access to your company Slack channel or shared Google Drive, as well as disable access to any document shared via that channel upon resignation or termination of a contract.
6. Secure your information, and train your workforce.
Many breaches happen when an unsuspecting employee clicks on a malicious link in an email or is tricked into giving login credentials (commonly known as phishing). Despite the advances in technology and security, these emails are often sophisticated and can seem trustworthy. However, malicious links and attachments can contain malware.
Train your employees on risks, encryption tools and protocols for sharing company information (with specialized training for sensitive data controllers), and teach them to take cyber threats seriously.
If you haven’t already done so (or you haven’t done one in a while), perform a fire drill where you simulate various potential scenarios during a cyberattack. The Harvard Business Review shared a useful article on how to perform a fire drill to expose your weaknesses and help you to develop a plan of action in the case of an attack.
Success is proactively keeping your customer information safe and secure.