Working remotely is the new norm for most. If your business is moving online, you should be aware of the digital privacy and security risks your business now faces. The FBI’s Internet Crime Complaint Center warns of a spike in fraudulent activities preying on virtual employees. No entity is immune from the inevitable uptick in hacking activities, not even the World Health Organization (WHO).
Privacy 101: A Safe, Virtual Workforce.
One of the best things you can do for your online business is minimize risk.
Now that you’re online, some of the most important assets of your business may be freely given to unknown third-parties, sometimes without you even knowing it. Below are some best practices you should implement as you decide how to communicate and operate in the new all-digital world.
- Choose your online tools carefully.
- Encrypt online communications.
- Use a password manager for your team.
- Enable 2FA on all your accounts.
- Consider connecting to a VPN.
If some or most of the tips above seem like they’re written in a foreign language, keep reading!
Choosing Your Tools
There’s no shortage of options when it comes to choosing the online tools you and your business should use during the COVID-19 pandemic. But how can you ensure the options you choose are secure . . . especially if they’re free?
Nothing in the virtual world is 100% lock-and-key, steel vaulted, bridges and moats secure. But the least you can do is make sure it’s incredibly difficult for any hacker passer-by to get through and collect your data and business secrets.
When choosing your tools, you want to ensure that your information can be protected by a. passwords or biometric information, b. 2FA (see below for the DL) and c. retention and sharing opt-outs.
Now, most every free version of anything is going to have its security lapses. For instance, if your remote workspace has moved onto the Slack platform, you might be interested to know that Slack will retain all your messages in the free workspace or channel for as long as that workspace exists. Under a paid version, however, you can enable limits on retention periods.
Before moving your employees onto a free OR paid working community, you should read the privacy pages of those platforms (or if that sounds super boring, hire a privacy lawyer to do it for you).
Have you heard of end-to-end encryption? This is a virtual security measure that follows the techniques of old-school coded messaging. For example, Mary Queen of Scots would use a special key to encrypt all her correspondence. The receiver of the Queen’s notes had access to a replica of the key, so that only he could read the Queen’s missives, as the intended recipient. But if a message was intercepted, the eavesdropper would have no idea what the jibble-jabble note meant because he did not have access to the special key. Similarly, end-to-end encryption utilizes a special key created by the author that only the intended receiver has access to. If the message is intercepted in cyberspace, the hacker will have a very, very difficult time figuring out what was communicated (only to find out after much decoding that it was just a meme about Grumpy Cat).
Be aware that some services offer encryption, but not end-to-end encryption. For instance, Snapchat has encryption, but Snapchat holds the secret key and does all the decoding–not the individual systems of the sender and intended receiver.
End-to-end encryption can defend your communications against surveillance by the government, hackers, and the messaging service itself. Read those privacy policies to determine whether your online communications can remain confidential.
Utilizing a Password Manager
A password manager is an online version of the spreadsheet printout of all your accounts and passwords you keep taped to the underside of your desk. The purpose of such a tool is to enable you to remember many random passwords that change on a revolving (ideally, at least a bi-monthly) basis. The best passwords are ones humans can’t guess (random sequences of numbers, letters, and symbols that have no connection to yourself). Unless you have a photographic memory, you might find that you can’t recall whether C@tbaLL34 is your Facebook or Gmail password on any given day. A password manager can help your brain out and protect all your various, ever-changing passwords with one single master password.
Yes, the downside of an online password manager is that if the one master password is stolen, all other passwords are at risk. But if you’re using a super secure password manager, it’s likely that your master-pass is safe! Plus, you have the benefit of being able to access the password manager wherever you might be (like from your house or prepper parents’ bunker), which isn’t always the case with old-school printouts. If you have powerful online enemies who may seek to attack you and your password manager, go back to using the printed-out spreadsheet, but please don’t tape it under your desk.
Enabling Two-Factor Authentication
2FA (read: two-factor authentication) is a method of further securing your online data by ensuring that it cannot be accessed unless the user (you or your employees) is authenticated by at least two access points. Here’s my analogy. Do you have a lock box at a bank? No box may be accessed unless it is first unlocked by TWO keys. One key simply won’t do it. You keep Key #1 in your desk and Key #2 with the bank. Once both keys are turned in the lock, only then can you get inside your lock box. Likewise, with 2FA, your data is protected by two keys: the keys may be links or special codes sent to you through email or text, biometric data locks, or even special phone apps that have to be accessed.
Sound familiar? Good. Because you’re probably already using 2FA in some part of your life. However, many online services only use one factor to identify their users–the password–by default. 2FA can usually be turned on in the settings of that online service. Make sure all your employees are using it, because your information is only as secure as your weakest link (aka the employee whose password is “password”).
Connecting to a Virtual Private Network
Why should you consider purchasing a VPN for you and your employees to use while working remotely? A VPN (read: Virtual Private Network) turns your internet party into a masquerade. Without the masks, the online community can see who is who (‘ooh, that looks like a person who is data rich! I better try to hack them instead of these other users’ says uber-villain). Masks on, and everyone is anonymous. When you and your employees connect to a VPN, you’re masking your IP address, which–when unmasked–can provide an indication of your general location and identity. Some benefits of the VPN masquerade are:
- Hiding your internet activity from prying eyes (okay, so likely no one is sitting in an airport right now, but maybe their apartment neighbors are so bored that they’re becoming hacker masterminds);
- Circumventing internet censoring (if your employees are in a school zone or foreign country that controls what sites or services may be accessed);
- Connecting all employees to the company intranet while at home or traveling (Hot tip: beneficial even when there is no virus apocalypse).
Pinpointing what online tools are best for you considering the size of your remote workforce, the importance of your business assets, and the cost of security is a process where privacy counsel can readily assist.
Contact Rockridge Venture Law® for assistance with:
• Developing telework policies for your virtual employees;
• Developing technology usage policies for your employees;
• Developing privacy policies for your workforce;
• Developing data safeguards for your company;
• Developing California and EU compliant privacy notices for your customers, potential customers, and users of your platforms; and,
• Identifying and implementing privacy tools for your business.
Contact us for more information.
THIS IS NOT LEGAL ADVICE.
WE ARE NOT YOUR LAWYERS. NOTHING IN YOUR REVIEW OF THIS ARTICLE ESTABLISHES A LEGAL RELATIONSHIP BETWEEN ANY ONE OF US AND YOU. WE PROBABLY DON’T EVEN KNOW YOU, BUT WHO’S TO SAY WE CAN’T BE FRIENDS? NOTHING IN THIS ARTICLE IS WARRANTED TO BE ACCURATE IN ANY WAY, AND THOUGH PRACTICALLY UNLIKELY, IT IS POSSIBLE THAT THE SUBSTANCE OF THE ARTICLE CAN KILL, HARM, MAIM, OR OTHERWISE DEFEAT YOU, PARTICULARLY IF YOU ARE READING IT WHILE ON A SCOOTER. YOU SHOULD NOT RELY ON ANYTHING IN THIS ARTICLE WITHOUT INDEPENDENTLY DISCUSSING IT WITH YOUR LAWYER. YOU PROBABLY SHOULD HAVE ALREADY BEEN IN TOUCH WITH A LAWYER BEFORE READING THIS ARTICLE. LAWYERS ARE A GOOD THING – ALSO NOT LEGAL ADVICE.