A business owner’s guide to secure data among remote teams
Online and remote work is becoming more and more mainstream as online businesses grow, small businesses leverage the power of freelancers, etc. While this provides previously-unavailable options to small business owners for finding employees, it comes with its own set of challenges. One of the largest downsides to having exclusively-online employees is having to essentially hand over the keys to the castle when it comes to permissions. All it takes is one angry employee to wreak havoc on a business, ruin professional relationships, and even erase key data.
How does a small business owner keep this from happening? It’s not realistic to give up on remote employees because of the potential risk they pose. Even on-site employees have the power to cause problems, so the issue isn’t purely the fact that employees are remotely based.
There are steps you can take in your business today to decrease the threat of disaster with your employees, both online and on-site. While there will never be a way to manage a team risk-free (let’s face it: even just running a business is a risk in itself!), being smart about how you work can mitigate as much as possible.
Use a password manager
Probably one of the worst (if not the absolute worst) mistakes you can make is to hand out your own personal passwords like Halloween candy. While it may seem like the simple and logical way to get new employees and contractors access to what they need for the job, using one set of login credentials for everyone can be disastrous. An easy way to control who has access to which login details is to use a password manager like LastPass or Dashlane.
A good password manager:
- allows you to store all the login details to the apps and websites you use,
- auto-fill those details instead of manually typing them,
- and give or revoke permissions to any given person at any time.
Many password managers even include the option to allow an employee to only autofill a password, not actually see what the password is.
With features like this, all you need to do to revoke an employee’s access to your sites and programs is:
- Only give login details through the password manager
- Change their access status when necessary
Easy peasy, and you’re not left to change thirthy-three of your own passwords in the event of a breach.
Store documents centrally
Picture this: you have a contractor who’s been working on a project for a client for weeks. He’s been slacking off, and you’ve had about enough. You now have to choose between firing the contractor (risking him not sending you his progress) and suffering through the rest of the project (hoping he’ll get everything done). This is a legitimate threat when important documents are scattered among your employees’ own devices.
Having a central drive where all important documents and ongoing work lives not only allows easy collaboration and progress monitoring, it also keeps situations like the one above from happening. A tool like Google Team Drives or OneDrive (or, if you want to get fancy, Microsoft SharePoint) allows you to house all working documents in one place as well as control who has access to what. Granted, in order for this system to work, you’ll have to keep a policy of all work being done in the cloud in real time. That seems like a small price to pay for greater peace of mind.
The ability to grant differing permissions to people is a game-changing benefit of centralized file-storing tools. Assigning the correct permissions is a major piece in keeping your workflows up and running with as little risk as possible. If Contractor X is only given edit permissions for the precise folder housing the file he’s supposed to work on, he can’t burn your entire company to the ground if he decides he’s had enough. In the worst case, you’ll lose a file or two instead of key bits and pieces of data.
KISS (keep it simple stupid)
We live in a day and age where about fifty different tools for every imaginable scenario exist, and it’s easy to get caught up in the shiny features and pretty interfaces of whatever the latest-and-greatest is. The problem is this: when you have fifty tools your team uses and has individual accounts for, that means having fifty accounts to close and shut off access to when a team member leaves.
Sometimes specific, targeted tools are necessary to get the job done, but often workflows can be simplified into a few versatile platforms. I highly suggest taking an inventory of every tool your team is using, looking at functionality, and condensing that list as much as possible.
Have an exit process
I’ve been there before, where I finally let an under-performing, bad-attitude-having employee go under not-the-best terms then have to scramble to turn off his or her permissions before anything bad happens. It’s not a fun feeling. In fact, I’d argue it’s the least-fun game of chance ever.
The best way to make sure to have a smooth transition is to have a plan in place for what happens when employment ends. This can be as simple as a 5-bulletpoint Google document you check off and as complex as you can dream it to be. The goal is to have some sort of protocol for what happens when a member from your team is leaving.
An easy way to create your exit process is to make a list of all the websites and programs each employee or contractor has access to as that access is given. When it’s time to shut it down, all the guesswork is gone. Simply pull out your list of access points and check them off as you take care of each one. No more last-minute scrambling, only to realize days later that you forgot to close down important logins.
Conclusion
Whether your company has been around for a few months or a few decades, you want to protect what you’ve built. Taking the time to evaluate where you’re at and make changes will not only give you greater peace of mind, it will also help keep disasters you never dreamed of from happening. As the saying goes, better safe than writing apology notes to all your best clients.
