WebARX has had a remote team since day one. Today we want to share our knowledge on how to build a remote team and especially - how we manage remote work security.
By remote work security, we don't only mean that the team is feeling good and secure in the company.
By that, we mean more about how to build processes inside the team to guarantee that all the data sent inside the team is secured.
Before we start talking about security, we need to clear some things on the way. You are probably reading this because you have a remote team or are working toward building one.
So you'll have to start by thinking about how to keep the team happy and working well, before giving them instructions on how to work better.
It's important to think about your employee happiness, because not all remote workers are 100% satisfied with their job. There is a concern among remote workers and it is the feeling of being left out, according to recent research.
So first, it is important to find out what people are doing outside of work. By that, we don't mean where and when they buy their milk, but more of what their hobbies and passions are. That will give the team an opportunity to find out some relatable topics to talk about.
Talking about things that people can relate to on a personal level will create rapport. It is very important to build strong relationships in a remote team because rapport will help work through the problems in the team, build trust and build relationships on a deeper level.
Another strong suggestion is to use video as much as possible. If you can't see a person in the office on a daily basis, it's hard to understand what the person is thinking about. Even harder is to understand how they feel.
A video will tell you so much more than a simple text will ever be able to.
A good way to build relationships between the team members is to assign one-on-one calls between them. Whether they are developing a feature together of talking about the cooperation of development and marketing, it's important for team members to speak to a human and a face rather than to a chatbox on Slack or Stride.
And last but not least - get together with the team at least once or twice per year. Nothing beats meeting your team members and sharing moments, knowledge, and emotions - in real life. More importantly, you’ll build more rapport in a few days of teamwork in person than months of remote efforts.
It can cost a lot to get the team together, but the ROI is invaluable. To meet the people you are working together on a daily basis and spend some quality time together will always end in high energy and will indeed, in the end, increase productivity and communication.
Working as a remote team can sometimes be tricky, there are many remote working security risks, especially when it comes to keeping the data shared between the team members securely.
There is no such thing as ultimate 100% security, but “being secure” means that there are some measures in order to enforce information security.
So one of the deep concerns we faced whit remote team security when we started building a secure remote team was how to keep the data as safe as possible.
As you maybe know practices like sending passwords via email are something that people working in the cybersecurity field will consider downright stupid.
Having a remote working security policy in place is essential for every team, cybersecurity-related work or not because it's a first step for building a secure environment around the business. As you may already know, the number one weak link for businesses when talking about cybersecurity is the people.
Another example of a security risk is phishing emails, it's always extremely important to double-check the email and sender name. Phishing emails are getting more and more advanced and we have come across to even the sneakiest ones that are even for people working in cybersecurity hard to spot in a quick overview.
Especially important in remote work security, and in general, is to make sure that the emails your team is receiving are from a trustworthy source. Especially when there are links, buttons or attachments added.
If you get an email and don't know the sender or the email itself looks a bit fishy, don't hesitate to ask for help from your team members.
You can even contact the company providing security-related services to your business, they most definitely will help you out. It's your company and your own data and information that can be at risk.
Whenever you are in marketing, sales, or development, you use different tools to automate or schedule your work. Especially plugins that you may download on your website.
As securing websites is our expertise, we see it on a daily basis, where companies who are trying to make their work environment secure fail because of a simple outdated WordPress plugin. But not only websites need protection, but there are also several other ways to gain access to your data (for example bad hosting provider).
There are many security measures that are a standard in most offices - like keycards or protected WiFi, but when your team is remote, it sometimes means that team members work even from a coffee house or a large co-working space.
So where's the issue you ask? Let's start with public WiFi. There are two types of public WiFi networks - one is secure and the other is not. And by secure, it's usually meant that the network is protected by a password or a sign-up process.
We would recommend never accessing your personal data, company data, or bank accounts via a public network. Also shopping online is considered a bad idea.
To make sure, you are secured working in a public place we would recommend using a VPN (Virtual Private Network). This will ensure that your anonymity is protected and will ensure that the data you send or receive is encrypted.
You can see how to set up and use a VPN here.
Nobody likes passwords and nobody likes to generate new passwords. That's the reason we use password management tools. Life just makes so much more sense after starting to use one.
Password management tools are good for several reasons:
Firstly - you won't remember every password you have. A very bad practice is to use one password in more than one account. To use a password is bad anyways - but we'll go there later.
With password management tools you can easily access all your passwords from one place with one master key.
Secondly - use passphrases or generate a random key with your password management program.
It's important that all your passwords are unique. A good password manager will randomly generate your passwords for you, and store them safely. It doesn’t matter what password manager you use, as long as you use one.
We use LastPass and KeePass in our team - check them out. KeePass is a bit geekier, but LastPass is widely used and has good UI. Another one is Dashlane if you want a third option and are not using Linux. It's your choice.
Thirdly - the master key. Instead of using a password, use a passphrase, which is much longer in length. Use some numbers and upper and lowercase letters. And to make it clear - by passphrase you should consider generating a short sentence, but make sure, it's something you'll remember.
Two-factor authentication (2FA), also called multiple-factor or multiple-step verification, is an authentication mechanism to double-check that your identity is legitimate.
It's something that will keep your accounts even more secure and offer you an extra layer of protection, besides passwords. It’s hard for cybercriminals to get the second authentication factor. This will drastically reduce their chances to success.
2FA is a must-have for:
Here you can find some mobile apps that you can use for two-factor authentication: Google Authenticator (available for Android, iOS, Blackberry). Authy (for Android, iOS, but also available as a desktop app and browser extension). Microsoft Authenticator (Windows Phone 7).
Strong passwords and solid encryption technologies go a long way toward keeping our data private. In addition to that, there are other options or recommendations to make sure you are secured in different working environments.
We have a thing in the Patchstack team, that we don't like people looking at our screens when we work. But those tools can’t stop someone from simply peeking at your screen from over your shoulder, or worse – snapping a photo of what you’re working on.
It’s called shoulder surfing and it’s a serious security threat that businesses shouldn’t ignore.
“Companies should educate and train employees to properly handle company data. Issuing a clean desk policy, using privacy filters to help protect sensitive information displayed on screens, having a document shredding process, and setting up procedures that allow employees to report suspicious visual hacking behavior are other practices to lessen the chances for visual hacking. Organizations should perform regular, company-wide visual privacy audits to help identify and address vulnerabilities.” (source)
Fortunately, there is an easy fix - privacy filters. With privacy filters, only the person sitting directly in front of the screen can see what’s on it. Anyone trying to sneak a peek from the sides or top will just see a blank, black screen.
Developers are usually the most common nomads. And it's mainly because everything a developer needs is on their computer or on the cloud. Therefore, it doesn’t matter whether their colleagues are physically next to them or not.
For those people who are constantly moving around are most probably doing it with their backpacks. The backpack usually contains their whole life and all the important stuff they need for everyday life. That is why it is absolutely crucial to buy a backpack with a zipper that is secured.
There are a lot of cool and well-designed theft-proof backpacks out there and it's definitely a good investment to keep your belongings safe while you travel.
Another thing for keeping your data safe, if it is not on the cloud, is using an encrypted hard drive.
When your laptop gets lost or is stolen and even if you have a password to access your laptop, it means nothing if the disc is not encrypted. If the hard drive gets removed and put into another computer, there is still access to any files you have stored on it.
In some cases, it is possible to even reset the password on your laptop and gain access to your email, passwords, and other personal information.
If you have Windows you can use BitLocker or VeraCrypt. If you are a Mac user you can use a built-in system called FileVault. You can learn about encrypting your laptop from here.
And if you are into cool gadgets try the Yubico little key-shaped "keys", which you can plug into your computer and, along with your password, complete the second half of a 2FA web login.
If you are starting to build a remote team we hope these recommendations will come in handy. But most definitely these will come handy in any type of team, remote or not.
We always try to explain the importance of remote work security, not only because we are a company providing security, but in a world that is experiencing more and more cybercrime each day, it's something no successful business cannot ignore.
But yeah, most importantly keep your team happy and connected, try to implement security step-by-step, and always keep your software and website updated and protected. Why not even make a competition out of it? *wink-wink*
Illustrations in the article are found from Giphy.com (Made by Li-Anne Dias)