Having a team of remote employees provides a massive boost to your organisation. Among other benefits, they get more things done; save you more money; improve your cash flow, and give you access to a larger talent pool.

However, these benefits come at a price: working with a remote team may expose your data to risks, which may arise from:

Cyberattacks

A cybersecurity attack – or cyberattack – is an attempt by hackers to damage, destroy or gain unauthorised access to a computer system or network. To get the job done, hackers commonly use methods like:

• Social engineering – The act of manipulating people to get them to provide personal information against their best interests. Examples include phishing, vishing, and impersonation.
  
  
• Malware infections – Malware (or malicious software) is created to invade, damage or disable computer systems, networks or devices. More importantly, malware can also be used to steal data.

It’s also common for social engineering and malware to be used in tandem to dupe targets.

The use of public WiFi

When remote employees work from locations with public WiFi, they become vulnerable to cyberattacks. Why? For starters, many public WiFi hotspots use older encryption schemes, which are easier to crack.

There’s also the possibility that virtual assistant might inadvertently log in a rogue hotspot, which can be used for a man-in-the-middle attack.

Personal devices

There’s a reason why organisations provide devices like laptops and mobile phones to telecommuting employees: to protect corporate data. Company-issued devices are made more secure against attacks.

But if you hire staff in the Philippines and work with remote employees, they will most likely use personal gadgets, whose security isn’t necessarily as iron-clad.

Data security best practices

So what’s the solution? If you work with an offshore assistant remote team, there are several strategies you can use to protect your company’s data:

Implement a cybersecurity policy

The first step is to develop and enforce a cybersecurity protocol that outlines:

1. The company assets you need to protect.
2. The risks to those company assets.
3. The guidelines for protecting those company assets.

Here are examples of policies that may be covered by a cybersecurity protocol:

• How to store passwords properly.
• How frequently should users update passwords.
• How to handle confidential information.
• How to handle removable storage devices.
• What business information is appropriate to share on social media.
• How to respond to a cyberattack (e.g. documentation, internal communication, how to contain the breach).
• The roles and responsibilities of each employee in the event of a cyberattack.

Having a comprehensive cybersecurity policy in place means your organisation will know exactly what to do in specific circumstances.

Use a password manager

Judging by the worst password lists published every year (this one is one of the latest), it’s clear that people aren’t very good at creating their own. Worse still, everyone with an account online needs to create a unique password for each and remember everything.

To get around these issues, have each member of your team use a password manager, which will help them generate, store, and retrieve complex passwords.

There are many password managers out there. While each has its strengths and weaknesses, some apps will have more appropriate features for your virtual assistants in the Philippines team than others. The key is to find a password manager that best suits your organisation.

Employ multi-factor authentication

Multi-factor authentication (or MFA) is an extra layer of security where a user is allowed entry to a system only after providing:

1. A username and password;
2. An additional code which only the user has access to – like an authentication app.

The use of an MFA helps make your company data more secure because it requires users more than one factor before they’re granted access to your website, database, or any other repository that contains sensitive company information.

Just beware that using SMS for MFA isn’t secure thanks to social engineering. For tighter security, the best option is currently those time-based one-time passwords. Aim for apps that encrypt MFA tokens and back them up on the cloud.

Control access to files

To avoid any unnecessary risks, limit the access of each remote worker to documents and files that are relevant only to their everyday tasks and responsibilities. You can take this a notch higher by creating a dedicated folder where your offshore team can send essential files.

Yes, you trust your remote employees; if you didn’t, you wouldn’t hire them. That said, you have no control over the individuals they associate with, who may have access to your remote employees’ devices.

Avoid using public WiFi and net cafes

Because public WiFi hotspots are a security risk (see above), prohibit your remote team from using one – especially when sending or receiving confidential company information.

Similarly, instruct your remote assistant employees to refrain from working in internet cafes, which are a major security risk. Consider the following possibilities that may occur in such establishments:

• Your data and keystrokes may be captured by hackers.
• Someone could be shoulder surfing.
• Network sniffing software may be installed on the rental computers.

Provide security software

Anti-malware isn’t as essential as you may think (the latest malware can evade detection), but most companies can’t simply do away with it. Why? Because people do stupid things all the time. We visit dubious websites, use public WiFi, and click suspicious attachments.

So get your remote team security software to provide them with some protection. Granted, vigilance and prevention is still a better approach to protecting data, but having a layer of defense would help too.

Sign up for cloud services

Cloud services come with a few key advantages that would benefit your remote assistants:

1. They enable your employees to work from any location.
2. A secure virtual working space
3. Massive virtual storage that encrypts your data.

Important: the encryption provided by cloud services wouldn’t be much help if your members use weak passwords. Make sure they use strong ones. To generate formidable passwords, use a password manager.

For the best possible protection, encrypt your data beforehand with your own encryption software, then upload it to the cloud. If you need the data later, log in to the cloud service, then download and decrypt it yourself.

Train your staff to establish secure habits

It takes good habits to keep data secure. Some may seem obvious, but you might be surprised at how users take them for granted. Always remember to:

• Always keep your firewall up. It’s your computer’s first line of defence.
• Encrypt your drive and its backups. Doing this scrambles the data on your device, making it impossible for others to understand.
• Change your passwords regularly. Like every 30 days or so.
• Avoid sending passwords (e.g. instant messengers and email). They can be read by others.
• Use SSH keys. They’re more complex and far more secure than passwords.

Note that following all these strategies won’t be a guarantee that your company’s data is completely protected. First, your data’s security would depend on everyone’s compliance with the measures you establish.

Secondly, data breaches happen to companies of all sizes. What matters is how well you prepare for and respond to them.