6 Tips for Ensuring Security with Distributed Teams
When people hear that you’re a remote company, they often appear somewhat skeptical. Their first question normally is: “Is remote work secure?” We at Advent always like to say: “That depends on the security practices you have in place.”
To make it more interesting, let’s compare companies with ancient cities. In the past, cities that built great walls and guarded their resources with towers and bastions had better chances at driving enemies away. The city of Constantinople was one of the most famed cities of the medieval world. It suffered many attacks, year-long sieges, and internal rebellions over the centuries, but the city’s legendary defenses kept it safe and unconquerable.
In a similar way, remote companies must incorporate data security solutions to ensure their clients’ secrets and code stay protected. But how do you prevent security breaches in a world where your team is scattered on all four sides of the world?
Here are a few tips for incorporating data security into your company culture and making your hackers say: ”Maybe we’ll try some other time.”
1. Outline Strong Password Management Policies
It’s in our human nature to use bad practices when it comes to passwords. But can you blame us? The average person switches between dozens of apps and tools daily. You log into Slack to share a word with your remote employees, open Asana to check your outstanding tasks, and go to Google Hangouts to join a video call.
With so many apps to juggle, people usually use the same password over again. In fact, a 2018 survey by OpenVPN found that 25% of employees use the same password for every enterprise system they access on a regular basis. These passwords follow a recognizable pattern and are usually a combination of:
- people’s names
- names of places
- favorite food
The best thing you can do to keep your data secure is to use a password manager. Password managers are a great way to store your passwords and reduce the risk of a data breach. Not only that they save your passwords, but they also help you generate strong and unique codes that’d be difficult to hack. The majority of these password managers come with browser extensions that will automatically fill your password for you.
2. VPN Connection is a Must
VPN connections are a must on remote teams. Team members are scattered in multiple time zones in different parts of the world and access your business network from their devices. As your business network holds sensitive data, you want to ensure that no cyberbully will eavesdrop on your connection.
A VPN service will allow your remote employees to establish a secure connection with a remote computer network from any location in the world. The remote worker will be able to use the Internet as if they were present at the VPN’s location. Meaning, your employees won’t have to use unsafe public Wi-Fi and will be able to access geo-blocked websites. What’s more, you can even disable someone’s access from a single place and avoid unauthorized access.
3. Two-Factor Authentication on Emails and Tools
In today’s online environment, the traditional “username and password” approach to security is easy prey for hackers. Many log-ins can be compromised in minutes. Some reports even say that hackers can crack your weak password in less than 30 seconds. 😲
That’s why adding another layer of security is a common best practice among distributed agile teams. A two-factor authentication supplements the username and password model with a code that only you know.
This security technique confirms your identity when you log into a website or an app by requiring you to:
1️⃣ Know something (a user name and a password or a PIN)
2️⃣ Have something (a mobile device, a U2F key)
Make sure you educate your employees about using multi-factor authentication and using a password that contains a minimum of eight characters.
It’s also recommended to use unique phrases that contain numbers, lower and upper case letters, as well as symbols to protect important accounts.
4. Take Advantage of Cloud Applications
Remote working wouldn’t have been possible without cloud applications. The creation of video conferencing, online communication and other collaboration tools have completely erased the need for employees to be in the same room. Many small companies use Google Apps for office applications. Other companies use cloud applications for more specialized tasks, such as Jira for software development project management.
Apart from boosting your team’s productivity and engagement, these cloud apps can also keep your data safe and secure.
Cloud-service providers will provide you with safe virtual storage and working space. What’s more, they’re often better equipped to handle your data protection.
However, even if you’re using cloud applications, educate your employees about the importance of strong passwords. Make sure you refrain them from reusing passwords across various applications or sites. If the application offers two-factor authentication, use it.
5. Choose Applications That Have SSO (single sign-on)
Carefully selecting applications to use on a company level is a huge task. Make sure the tools and technologies you choose for everyday use have the highest level of security. In 2019, you can still find many companies using unencrypted passwords.
Stay away from companies like this. Before purchasing anything, ask them what their security protocols are. Companies that have implemented SSO are always a better choice because you can see they threat security really high.
6. Standard Best Practices
Maybe you’ve already implemented these common-sense best practices, but let’s go over them just in case they slipped your mind.
✔️Turn on your firewall
Computers have firewalls built-in to stop malware from spreading to a network. They’re a solid defense against hackers and can prevent them from infiltrating a system. If your firewall is disabled, your business is vulnerable to hacks and attacks. Make sure that it’s always turned on.
✔️ Encrypt your disk
Let’s imagine that your laptop got lost or your remote employee’s phone got stolen. You start panicking because you kept your private business data in there. To prevent this scenario from happening, you should consider encrypting your files. When your files are encrypted, they become unusable until they’re decrypted which is possible with specific software and password. Keep in mind that your OS doesn’t encrypt your files automatically. You need to turn on disk encryption data options like Bitlocker (Windows) or FileVault (Mac).
✔️ Enable encrypted backups
An encrypted backup is one of the most secure tools you can use to protect your data. If your laptop gets stolen or you forget your iPad on an airplane, your data will be locked securely with the password only you know. Educate your employees about doing the same.
✔️ Use SSH keys
SSH keys are similar to passwords. They grant access and control who can access what. To create an SSH key, simply run ssh-keygen.To push the key to a remote server, copy the content of your local ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys in the remote machine.
We all know the benefits of remote work: freedom, comfort, and reduced costs. However, there are big challenges associated with having a remote team. One of them is security issues. From using unsafe public connections to losing a device, companies must ensure they’ve made a reasonable effort to keep their sensitive data secure.
To sum up:
- Keep your data secure by using a password manager.
- Use a VPN service to allow your remote employees to establish a secure connection with a remote computer network from any location in the world.
- Add another layer of security by using two-factor authentication.
- Take advantage of cloud apps to keep your data safe and secure.
- Don’t forget to implement some standard best practices like SSH keys and firewalls.
To prevent security attacks from inside your company, make sure you thoroughly screen your remote workers before making a hire. Have everyone with access to your sensitive information sign an NDA.