How to Safeguard Data When the Majority of Your Workforce is Remote?
Remote work has become the new norm all over the world. While giving employees remote access to the company’s network helps keep the business going during these unprecedented times, ensuring secure remote work comes with challenges.
The COVID-19 healthcare crisis has compelled many companies to adopt work from home policies. This shift that had to be managed almost overnight by most businesses brought many security compromises and generic strategies that may prove inadequate in the long run. Millions of employees started handling sensitive work data outside their office for the first time. In the absence of a controlled office environment, working remotely makes data more vulnerable, especially for companies without solid work-from-home (WFH) plans.
Malicious outsiders can easily take advantage of the chaos, targeting vulnerable or sensitive infrastructures amid the pandemic. Insider threats, including social engineering attacks, sharing data - accidentally or intentionally - outside the company, using unauthorized devices, and physical theft of company devices, are also more likely to happen. Employees, freed from the restrictive policies of company networks, might take security practices less seriously and endanger the data they take home with them. Companies cannot control who comes and goes in the home of an employee, whether third-parties have access to a work device or employees choose to work in public places such as parks or cafes.
Here are some practical steps you can take to safeguard your sensitive data with a WFH workforce.
- Utilize a VPN
Virtual Private Networks (VPNs) are one of the most recommended precautions for remote workers. Touted as privacy and security must-haves, VPNs are an easy and cost-efficient way to protect your company’s network connections and data. By deploying a VPN, organizations can ensure that data moves securely between the company’s core systems and employees’ devices. VPNs add an extra layer of security, encrypting the transmitted data, hiding the IP address, and masking the location of the sender. Some VPNs offer military-grade 256-bit encryption of your data. By preventing others from accessing your connection, a VPN can keep transmitted information anonymous and secure. Using a VPN is especially useful when connected to public WiFi, often less secure and usually not password-protected.
- Protect data with encryption
Encryption is also an essential part of secure remote work for both data stored on devices (aka data at rest) and data on the move (aka data in transit). In the case of data at rest, encryption is an especially useful preventive measure against cyberattacks. It can also ensure that if devices are stolen or forgotten while outside the office, data can’t be accessed by unauthorized people. Hard drive encryption has become a standard tool, and it is included in the most popular operating systems: BitLocker in Windows and FileVault in macOS. Individual files can also be encrypted through these tools, allowing companies to add an extra layer of security to sensitive data files. As these native encryption tools don’t require any additional investment, companies are strongly encouraged to request their employees to use them.
When in transit, data is in its most vulnerable state; as it travels, both inside and outside, the company is exposed to many risks, such as human error, network failures, insecure file-sharing, or malicious actions. And, with the rise of remote work, data travels more than ever before. By setting up a VPN, data sent over the internet is automatically encrypted and, thus, protected. However, this is not the only situation when data in transit needs encryption. Removable devices, and USBs in particular, are an easy pathway for data loss as they are easy to conceal, steal, and lose. Some Data Loss Prevention (DLP) solutions provide USB encryption, allowing organizations to automatically deploy an encryption solution to all USBs connected to a company computer. This way, it can be effectively ensured that any sensitive data copied onto USBs will be encrypted.
- Apply DLP policies on the endpoint
Another way of ensuring your data security in the age of WFH is by applying data protection policies on the endpoint. This way, data protection software is installed directly on devices rather than at a network level, and policies will stay active regardless of the location of a device.
Endpoint DLPs such as Endpoint Protector by CoSoSys can support remote compliance by focusing on special categories of data such as Personally Identifiable Information (PII). These solutions are deployed on each endpoint, providing content discovery, preventing data leakage through storage devices, and safeguarding data when a device is outside the corporate network. By applying policies directly to sensitive data, DLP tools help companies monitor and control the transfer and use of personal information remotely, ensuring that it is not sent to people without access or uploaded to unauthorized third party services.
In these challenging times, cybersecurity has also become a priority for businesses. Guided by these steps, organizations can ensure both efficiency and security in distributed offices. Thus, employees can work from home productively while keeping company data secure.
Written by Beata Berecki, Endpoint Protector by CoSoSys