Thanks to the Coronavirus pandemic, we’ve seen a huge rise in remote working, and this doesn’t appear to be changing anytime soon, with more employees requesting the flexibility that remote working allows. This has brought its own challenges to business owners, from ensuring your staff have the right equipment and can still provide a high level of service to ensuring your team are clued up on data protection and you have secure protection in place.

Good data protection is important in all business settings, but it’s even harder, and even more important, to stay on top of when your team is working remotely.

Data protection is a huge subject, something we can’t go into fully in just one short article, but below we’ve compiled our 4 top tips to help you protect the abundance of information and data you have within your business.

If you need further support on data protection, please speak to your Principal Adviser or Client Manager to arrange a full review and support in securing your data.

4 tips for good data protection

Just one person in your team can cause huge problems for you and your business through mismanagement of data, but they can also be your strongest asset. Therefore, it is key that your team are trained on good data protection.

You need to make sure everyone (including all the business owners, directors and management team) understands the risks of poor data protection.

Here are some things to make your team aware of so they can help keep your data secure and protected:

  • Ensure that staff are aware of potential threats from malware and viruses delivered through links in emails, instant messages and bogus web pages. They should be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.
  • Ensure staff are educated about calls from bogus organisations.
  • Define a clear procedure to follow in case of a security incident.
  • Ensure that staff have a secure way to access their work servers through either VPN or remote services like LogMeIn, Remote PC & TeamViewer.
  • If staff are using BYOD (bring your own device), ensure that they have anti-virus installed on their machines. Even a free one like Avira or Avast is better than nothing. Also make sure that they regularly update their computers so that they have all recent security patches installed.
  • Ensure that PCs or laptops are locked if unattended. Although in a home environment you are less likely to have someone sneak access to the company servers, you are at more risk of a toddler or pet hitting a few keys and causing problems! Remember the story about the toddler who bought a £9k car?
  • Make sure that staff mobiles have something like Microsoft Intune so that data can be deleted in case of loss or theft.

Having good password protection is incredibly important. Ensure your team are creating strong, secure passwords that cannot be easily guessed by hackers and that are changed regularly (e.g., every month). These are our rules for our team:

  • Passwords must be changed every month
  • Old passwords should never be reused
  • Passwords should not contain personal information
  • Ensure passwords for different things are different

Some guidance on creating a good password:

  • Choose a song – Fly Me To the Moon.
  • Choose some lyrics – it could be the chorus or the bit you secretly belt out in front of the mirror when no one is watching – Fly me to the moon and let me play among the stars.
  • Shorten it – Take the first letter of each word to make the basis of your password – That leaves us with fmttmalmpats.
  • Get case sensitive – Mix lower and upper case letters to make the password a little harder to guess – FmttmalmPATs.
  • Swap letters for symbols and numbers – Fm2tm&lmPAT*

Ideally you should have the following:

  • Encrypted work laptops
  • Secure encrypted VPN
  • Encrypted work mobile phones
  • Privacy screens so that no one can read information off your laptops (if using in public spaces).
  • Encrypted memory sticks

Not all small businesses can afford to provide all their staff with the technology above, especially under current financial pressures!

  • Ensure that your server’s anti-virus software is up to date and working properly
  • If staff are taking documents home with them, ensure that the documents are on encrypted memory sticks or encrypted partitions on memory sticks, using software like Microsoft BitLocker or Rohos Disk Encryption (rohos.com).
  • Switch auto lock on for all remote desktop PCs
  • Discourage staff from printing remotely and, if they do so, ensure that they have a shredder to safely dispose of the printouts.
  • If there is 2-factor authentication on any software or services you use, then use it!
  • Use secure forms of communication if possible, like Microsoft Teams, to stay in touch with staff and share information such as security procedures for remote working.
  • Consider using password management software to give you a safe single sign-on for all your software, protected with multi-factor authentication

Today’s cloud software has to go the extra mile when it comes to security. For example, if your accounting package were hacked, the information it contains could give criminals access to your business banking information and cause disastrous damage.

To help combat this, and as part of its commitment to your data security, Xero has recently started pushing Multi-Factor Authentication (MFA) as default to help prevent your data being compromised.

Multi-Factor Authentication (MFA) is an additional layer of security designed to confirm your identity when you log in. It associates something you would know (your username and your password) with something you have with you (an authentication app on your desktop or smartphone). It helps prevent someone accessing your account even if they have the password. It is simple yet very effective.

If you haven’t got MFA set up in Xero, you need to:

  • Download the ‘Xero Verify’ app on your smartphone from the Apple or Google App Store, or your authentication app of choice
  • Xero Verify will send a push notification to your mobile device when you log in for a fast, easy and secure way to authenticate (the app also generates codes in case you don’t have internet access)
  • If you do not have access to a smartphone, you can use ‘Authy’, which is a desktop authenticator, then log in to Xero from a laptop or desktop computer and follow the instructions on the screen

If you encounter an error and need some help, refer to this troubleshooting article from Xero, or contact our Cloud Team at 01474 853 856.

If you are not on Xero and are thinking about making the switch, speak to our Cloud team about how easy it is to switch accounting packages and the other benefits of using Xero as your accounting software. We will never recommend you switch to Xero unless it is right for your business, so it’s always best to discuss this with us. Email cloud@a4g-llp.co.uk or call 01474 853 856.

Data protection isn’t about doing one thing; it is about managing a number of things in combination with each other to help you mitigate the risks involved with remote working.

There is always more to consider, but that’s always the case. Don’t let that stop you taking action now to help secure your data and therefore your business. 

If you want any advice on this topic, email discovery@a4g-llp.co.uk or call 01474 853 856.