Hacking Confessional: What a Pro Can Teach Remote Workers About Data Security
Get The Print Version
Tired of scrolling? Download a PDF version of our ecommerce data security article for easier offline reading and sharing with coworkers.
A link to download the PDF will arrive in your inbox shortly.
Data security is a hot-button issue right now, and for a good reason.
And in our digitized world, remote workers bear a greater risk when it comes to being hacked.
So instead of giving generic advice about “security,” I want to show you some ways you can secure yourself and your livelihood in the years to come.
This includes using the best remote work tools to work with your team while ensuring your data is secure.
To start things off, let’s look at the current state of data security.
Whether we like it or not, cyber attacks are prevalent these days.
Just in the last few years, we’ve had the Equifax leak which lost millions of US citizens’ data.
When half of an entire country’s personal data is breached, that should tell you something about your need for security.
But to make matters worse, even social media is starting to feel the sting of data leaks and misuse.
Facebook has been under the microscope due to the recent revelations about their dealings with Cambridge Analytica. It’s reported that more than 50 million users had their data compromised.
So now even the places we imagined safe are being used against us. What can we do?
First, it’s important to simply acknowledge that digital security is more important now than ever. You must ensure your security measures up, especially when dealing with customer and employee data.
The National Institute of Standards and Technology, or NIST, draws our attention to the fact that almost everything about modern life is dependant upon the billions of lines of code that make up the Internet of Things.
These lines of code connect us with everything from our dishwasher to high-tech military systems.
This means anyone with the know-how and an opportunity can hack your information, putting your livelihood and your employer’s credibility at risk.
And this is about more than just security. It’s about a remote worker’s ability to generate and maintain loyalty to digital brands.
SafeNet recently shared that customer loyalty is irreparably damaged when a data breach occurs.
That means that brands with remote teams not only have to worry about what’s happening on their own premises, but also off-premises.
For example, it’s harder to track time off and work breaks when remote teams aren’t physically in the office. Companies need to use a tool to manage employee time off, and couple this with manager check-ins in order to maintain time off allowances.
By extension, remote workers carry that same responsibility. They are a brand in themselves.
And to make matters worse, most people don’t use good security measures these days.
We have a severe issue here. It’s an issue that needs to be addressed, and not in a superficial way.
So let’s take a few moments to look at ways you can keep your data safe from prying eyes, starting with some lousy password habits.
Let’s just say it from the start. No one likes trying to keep track of their own passwords.
And no one likes trying to come up with a new password every time they are asked to.
Which means that password reuse is a dangerously high trend:
Almost nine in ten people under the age of 30 are reusing their passwords on a regular basis.
That means for the majority of us, if one password were discovered, then all of our data would be at risk.
To make matters worse, the ways we do store and recall our passwords are pretty abysmal too:
These statistics are eye-popping when you think of the implications. More than half of us reset a password every 60 day period.
And for the ones that do write our passwords down, we now have to keep a physical record safe from theft or harm.
That means that the likelihood you could be hacked hinges on your recollection of a few select passwords and how well you can keep them secure.
But we’re not even done with the bad news. Worse yet, plenty of people rely on the same passwords that are well known to hackers:
This physically hurts me to think about, because so many remote workers are playing a reverse lottery that could sink their lives beyond repair. It’s not a game you want to play, much less win.
This type of service is great for workers who have too many passwords to remember but still want a secure option that lets them log in.
It works by letting you save passwords in an encrypted vault and then requiring a master password for use.
It will even help you generate new passwords that are virtually uncrackable.
They have a basic or a premium service that lets you store and easily use passwords on a variety of websites, as you can see in this screenshot.
So you can either be secure for free or pay $2 per month and have a few extra bells and whistles.
Either way, you’ll be able to diversify your passwords and have a more secure digital lifestyle.
I also recommend checking out a tool like How Secure is My Password?
As you can see, it lets you input your password and then tells you how quickly it could be discovered by a computer.
My abysmal example would be hackable in one minute. I probably shouldn’t use that password anymore.
Whatever you do, find a way to keep your passwords both varied and safe. You’ll be much more secure for the minimal effort it takes.
“Establish consistent password best practices throughout your organization.
Even as hackers and their toolset get more advanced, weak passwords remain the #1 cause of system, business or site compromise that we see.” Jordan Brannon, President, Coalition Technologies
HTTPS is one of the classic signs to look for when browsing the web. It’s also now a major ranking factor on search engines. If you run into a site that’s asking for personal information but doesn’t have one of these:
Then you’ll be flirting with risk and needlessly exposing your information.
To help you understand how HTTPS works, InstantSSL shared this helpful graphic that encapsulates the entire process.
Essentially, HTTPS just adds a layer of protection to your data while it’s transferred through the web. Whenever encryption can be on your side, it’s worth the effort to get it.
This process helps minimize the risk that someone can steal your information, especially if you’re looking at private or financial information.
But the catch is that not every website is savvy when it comes to HTTPS. In fact, only a little over 300,000 sites currently use HTTPS as their default:
This means there are thousands of more sites that aren’t using HTTPS when your data is involved. If you’re using WordPress, make sure you use fast and secure WordPress hosting.
In fact, just 65.2% of the top websites according to Alexa use this basic layer of security:
That’s probably not what you wanted to hear.
But thankfully, there’s a pretty easy solution to this mess that requires a few clicks. It’s an extension called HTTPS Everywhere.
All this extension does is turn ordinary HTTP sites into HTTPS versions. It essentially secures your movements at every turn.
While I wish every site were diligent enough to just use HTTPS themselves, that’s probably not going to happen anytime soon.
In the meantime, it pays to be prepared.
Take note of a lack of HTTPS on a site, and then don’t give them your information. Or, use a tool that keeps you safe.
If you do somehow get hacked, the earlier you’re able to detect it the sooner you can fix your situation.
I know that dealing with finances on a normal basis is hard enough without the risk of getting hacked, but it’s still important.
And thankfully there are ways to keep track of your money that don’t require day-to-day actions. Automation is your friend here.
Many financial institutions allow you to set up notifications when transactions go through.
For example, my bank allows me to get text messages based on parameters I’ve set:
And this has been useful for peace of mind. It even helped me keep my friends from overdrafting my account once on a shared subscription service.
Tracking transactions like this might sound annoying, but it’s really not that intrusive.
It keeps you up to date on bills, helps you budget, and minimizes any potential damage that stolen information can cause.
But you can do more than just track transactions. In fact, I recommend layering your approach here.
Because let’s say you have multiple bank accounts, a few credit cards, and a loan. Tracking all of that by hand would be far too time-consuming.
Using a service like Credit Karma regularly can help you track multiple accounts in one convenient location:
It’s also great for helping you secure your finances in other ways, but my point here is about security.
Fraudulent activity will impact your credit score and show up in a service like Credit Karma, which makes it a good app to have on your phone.
All it takes is five minutes once a week. There’s really no reason not to use the service.
Your finances will be more secure, and you’ll be able to sleep better at night with that knowledge.
Managing remote workers means different things to different people.
For some, it means working from a home office in their pajamas. For others, it means working from a favorite coffee shop.
And then some lucky souls get to travel the world while they work.
My point is that remote work means using public, unsecured wifi from time to time.
When you’re working on the go, in a coffee shop, or using any type of public wifi, you’re opening up your device to a potential hacker.
This means using a service like a Virtual Private Network, or VPN, can keep you safe.
VPN’s are private, controlled networks that allow you to connect to the internet more securely.
All you have to do is establish a connection with your VPN’s server.
Your browsing and information are then encrypted, which means no one can see what you’re doing. Not even your ISP. The best VPN services make it difficult for anyone to hack you and see what you’re up to.
And as I mentioned, it works via encryption.
Many will have at least a 256-bit encryption key, which means that there are 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,560, 000,000,000,000,000,000,000,000 different combinations to hack your data.
Plus, most VPNs use a specific protocol called OpenVPN to maintain and secure your connection.
Put bluntly, VPN providers will keep you secure and encrypt your online movements so that they’re impregnable.
A data breach while using a VPN to secure your work would take your attacker an unfathomable amount of time.
So looking into VPN services isn’t only smart for remote workers, it’s almost necessary. Some of the top VPN options include tools like NordVPN and IPVanish.
We’ve all received those obviously shady emails from Nigerian princes asking for money. They’re always good for a laugh.
But every now and then, we get semi-plausible messages that pique our interest and don’t ask for much. All you have to do is download a file.
What you don’t know is that the file can ruin your day.
These instances are called Phishing.
Phishing schemes are attempts designed to steal your data and then use said data to steal money or information from otherwise secure locations.
These individuals don’t care what your situation is. Nor do they lose sleep about threatening your livelihood.
Case in point, just a few months ago I was notified by a popular freelancing job board that some phishers posted a highly trafficked “job opening.”
While they couldn’t verify if the attempts had been successful, it’s a scary thought that a legitimate website could inadvertently host a hostile takeover of your information.
There are at least six popular types of phishing, and familiarizing yourself with them can keep you safe while looking for clients or dealing with new people.
And the only foolproof defense you have is to just not click on something you don’t trust.
Whether it’s a file or a link, just don’t take action when you don’t know what’s on the other end.
On the other hand, you also want to make sure that when you send your own business emails, you have proper security settings in place. Use strong SMTP services to manage the entire email delivery process and make sure that your emails arrive on time.
Probably the best yet worst time to be working from home is Girl Scout cookie season.
You can eat as many as you want without any judgment from the rest of the office.
But that’s unfortunately not the type of cookie I’m talking about here.
I’m talking about the types of cookies that websites use to deliver a better user experience and make our lives convenient.
They can save our cart when we accidentally close our browser. Or, they can help deliver customized content that we’re likely to be interested in.
While most of them are harmless, they’re also able to compromise our security.
Which means it pays to be aware of what they’re really doing with your data.
This type of data qualifies as personally identifiable information, which means it can be used to steal your identity.
So I want to teach you how to delete your cookies, specifically on Chrome.
Most browsers have options to do this that are similar, but I want to at least give you an example.
Start by opening the Menu tab on the right-hand side of your toolbar. You’ll see a drop-down menu like this:
Click on the Settings button, and then scroll down on the page until you see the Advanced option.
Now, you’ll want to scroll until you get to the section that says Privacy and Security.
At the bottom, you’ll see a tab that says Clear browsing data.
That will then give you the option to clear a few things. For our purposes, click on the Cookies and other site data button.
Now, all you have to do is hit Clear Data.
Or if you want a shorter route, just type chrome://settings/content/cookies in your browser.
You’ll be able to delete that same information from here.
Either way, all of that personally identifiable information just bit the dust.
Moving forward, you do can simply browse in incognito mode to prevent further data collection. This method automatically kills any cookies after you leave a site. It’s not ideal, but it works.
The only other thing you can do is conduct your occasional cookie purge.
While you might sacrifice a bit of browsing convenience, you won’t be sacrificing your sensitive data. That’s almost as good as a Girl Scout cookie.
This final lesson might be a little expensive, and thus perhaps unrealistic for some, but when possible, I recommend using separate devices for personal and professional matters.
For example, try to only log into bank accounts via your phone or tablet if you primarily use your laptop or PC for work.
This helps mitigate the risk that you’ll be hacked and jeopardize sensitive information about a client, your employer, or your own information.
A device like a cheap Chromebook can let you browse the web for personal matters, while you use a more powerful device for multitasking professional work.
And to keep you from breaking the bank over a tablet, consider something like Amazon’s Kindle Fire collection:
Again, I realize that this adds a little extra weight to your briefcase, but it’s a smart move when security is your priority.
By separating your professional and personal lives, you only risk potentially breaching one set of information at a time.
While that’s still not ideal, it beats losing everything by a long shot.
The need for security isn’t going anywhere, and if you’re a remote worker, then you’re quite literally the tip of the spear when it comes to digital breaches.
While it’s not necessarily my intention to scare you, the realities I’ve discussed here are fairly frightening.
A single misstep can cause an enormous amount of headaches that no one should have to deal with.
That’s why I want you to take these lessons to heart. Protect your passwords and your finances. Look for elements like HTTPS or malicious cookies. Use a service like a VPN to encrypt and protect you.
At the end of the day, your security relies on your actions. Be smart, and stay safe.
With over 500,000 monthly readers, Adam Enfroy's mission is to teach the next generation of online entrepreneurs how to scale their influence at startup speed. He's been featured in Forbes, Entrepreneur, Business Insider, and over 100 marketing publications. You can read his guide about how to start a blog to learn the tactics he used to turn his blog into a seven-figure business in under 2 years.