Most organizations plan for the unexpected, but chances are very few prepared for the global pandemic. Sudden shelter-in-place orders led to a huge number of businesses quickly moving to remote operations and outfitting employees with the technology needed to work-from-home (WFH). According to Gallup Panel data, the percentage of employed adults saying they had worked from home because of the coronavirus was 62 percent in mid-April.
For many companies, the WFH adjustment has been quite successful. Remote workforces have been so effective and cost-efficient that many large enterprises, including Microsoft, Morgan Stanley, Twitter, Mondelez, Barclays and WeWork, already plan to modify policies and offer permanent WFH options for their employees. Companies have a lot to consider when it comes to the delicate balance between keeping employees safe and healthy while maintaining a positive bottom line. They have to think about fortifying systems and protocols designed to secure sensitive company data at a time when business-as-usual doesn’t exist. The WFH trend has thrown open the window to a variety of security challenges, revealing new vulnerabilities and increasing the potential for data breaches.
Here’s why: In a WFH environment, sensitive corporate data previously controlled in a secure office environment gets accessed via a combination of personal and corporate assets, including PCs, tablets, laptops and mobile devices. Few will refute that individual home offices are exponentially less secure than a well-protected corporate office and internal network.
So moving corporate data to a new and often insecure work environment requires a different type of data security discipline in terms of policies, processes and employee awareness. CSOs/CISOs must fortify corporate security defenses and mitigate company risk. The following three steps can help:
- Review and update data security policies.
With more staff working remotely, executives need to examine current policies to determine whether they are still valid or must be updated. Take data retention, for example. Old policies and processes won’t suffice for home office scenarios where a computer used for work may also get used by other family members and where there’s lax Wi-Fi security. Files stored in WFH environments are much more easily accessed by hackers and other bad guys, even if the WFH employee uses a VPN, which protects traffic in transit rather than files stored on the device.
To combat this risk, new data retention policies are imperative. Some security teams may start by requiring that no documents, files or applications are permitted to remain on a WFH system at the end of the day. An alternative would require employees to save their work to a secure server or cloud file sharing platform and then have it automatically removed from the WFH devices via a simple script. Every time an employee shuts down or logs out of the corporate system, the script removes sensitive files and folders, any copies that Windows or the Office Suite might have created, temporary files, and any documents that might sit in the recycle bin.
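One way such a logoff cleanup script could look on Windows, as an added example that is not from the article or from any vendor: it deletes a work file only after a SHA-256 match confirms the copy on the secure share, then clears Office leftovers, temporary files and the recycle bin. The work folder, the share path and the scratch locations are assumptions.

```powershell
# Added example: WFH logoff cleanup. Folder and share names below are assumptions.
[CmdletBinding(SupportsShouldProcess)]   # enables -WhatIf for a dry run
param(
    [string]$WorkDir   = (Join-Path $env:USERPROFILE 'Documents\Work'),          # hypothetical
    [string]$SecureDir = (Join-Path '\\fileserver.example\wfh' $env:USERNAME)    # hypothetical
)

$kept = 0
if ((Test-Path $WorkDir) -and (Test-Path $SecureDir)) {
    $root = (Resolve-Path $WorkDir).Path.TrimEnd('\')

    # Office owner/lock files (~$name.docx) and Word scratch copies (~WRL*.tmp).
    Get-ChildItem -Path $root -Recurse -File -Force -Include '~$*', '~WRL*.tmp' |
        Remove-Item -Force

    # Delete a work file only when an identical copy exists on the secure share.
    Get-ChildItem -Path $root -Recurse -File -Force | ForEach-Object {
        $remote = Join-Path $SecureDir $_.FullName.Substring($root.Length + 1)
        $same = (Test-Path -LiteralPath $remote) -and
            ((Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq
             (Get-FileHash -LiteralPath $remote -Algorithm SHA256).Hash)
        if ($same) { Remove-Item -LiteralPath $_.FullName -Force }
        else { $kept++; Write-Warning "No verified copy, kept: $($_.FullName)" }
    }
} else {
    Write-Warning 'Work folder or secure share unavailable; work files left in place.'
}

# Temporary files, Office unsaved-document cache and Word AutoRecover (*.asd) files.
$scratch = @(
    @{ Path = $env:TEMP; Filter = '*' },
    @{ Path = (Join-Path $env:LOCALAPPDATA 'Microsoft\Office\UnsavedFiles'); Filter = '*' },
    @{ Path = (Join-Path $env:APPDATA 'Microsoft\Word'); Filter = '*.asd' }
)
foreach ($s in $scratch) {
    if (Test-Path $s.Path) {
        # Files still held open by a running program are skipped silently.
        Get-ChildItem -Path $s.Path -Filter $s.Filter -Recurse -File -Force -ErrorAction SilentlyContinue |
            Remove-Item -Force -ErrorAction SilentlyContinue
    }
}

# Empty the recycle bin on all drives without prompting.
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

Write-Output "Cleanup finished; $kept file(s) kept because no verified copy exists."
```

A script like this can be attached as a Group Policy logoff script, and running it with `-WhatIf` first shows what would be removed. `Remove-Item` unlinks files rather than overwriting them, so it is not a substitute for disk encryption or a data erasure tool.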
- Raise data security awareness and implement appropriate security tools.
In a normal work environment, executives and employees take for granted that the IT department has security under control. The move to WFH requires a new mindset. Reminding and educating employees about data security issues takes on a new level of importance, especially with pandemic-related increases in hacking, video conference hijacking, phishing, and data breaches. Companies will also want to ramp up awareness testing to keep remote employees on their toes and cognizant of how bad actors can easily access data from the home office. Awareness and education are important, but security teams also want to update the tools and platforms that can protect against data breaches, while minimizing the attack surface. So even if someone does make a mistake, such as opening up an attachment they shouldn’t have, it’s important to minimize the type of data that hackers can steal from the home office.
- Use regular, automated backups.
If it hasn’t happened yet in an organization, the time has come to add a company-wide, fully-automated cloud backup process. Many organizations have empowered employees to manage their own backups, but it’s better to automate the process and take advantage of remote management via the cloud. The advantages are clear: Automated backups run in the background causing little to no disruption to the employee. They also eliminate the risk of employee forgetfulness. Moreover, this approach does not require a VPN connection. Companies can run the entire backup process with cloud backup services that work around on-prem restrictions and limitations. Cloud-enabled, automated data backup can also securely erase data from the old equipment remotely. With the ability to perform data sanitization over a remote connection, security teams can simplify the process of securely collecting IT assets from home offices. Instead of having to protect data as well as the asset during physical transport, organizations can focus on normal asset logistics and significantly reduce cost and complexity.
It’s pretty clear that, once initial kinks were worked out, WFH has been a successful strategy for many companies. Employees have remained safe and healthy while businesses have continued to effectively operate during chaotic and uncertain times. Now’s the time to take a long-term view as COVID-19 will most certainly impact our daily lives and the world economy for the foreseeable future. For businesses, this requires taking a deep dive into security policies and processes and making necessary adjustments that will help mitigate data security risks. While there are many aspects to ensuring business continuity, data security initiatives are important elements for helping companies continue to operate under dire circumstances, including the ongoing pandemic.
Fredrik Forslund, vice president of cloud and data center erasure, Blancco