Mitigating Data Security Issues in the Age of WFH

Mitigating Data Security Issues in the Age of WFH

Mitigating Data Security Issues in the Age of WFH

The door has been opened. Even when work life returns to normal and the pandemic is nothing more than a historical documentary on Netflix, work probably won’t look exactly like it did circa 2019. The #WFH tag will disappear, but working from home likely is here to stay.

That’s because even though the office will become safe again after the pandemic, many workers will continue to insist on work-from-home options. An estimated half of all U.S. full-time workers will leave their employer after the pandemic if work-from-home options are not extended as a permanent option, according to Owl Lab research.

This trend brings with it additional data security issues, however. Security professionals have adjusted to the new environment, but a more durable cybersecurity strategy is required. Nearly 90 percent of businesses right now say they feel vulnerable to data breaches traced back to their team, and a scary 73 percent have experienced sensitive data leaks in the past year.

Thus, it is time for a better work-from-home cybersecurity stance that more effectively mitigates data security vulnerabilities.

With that in mind, here are five security elements worth considering that will cut down on the remote work security threat.

Discover Where Corporate Data Resides

For sure your company has defined policies for how data can and cannot be used when working from home (you did define that, right?). Even the best corporate data policies will suffer from some of the same issues that inflict bring-your-own-device rules, however: Employees won’t always follow the rules, especially if exceptions help drive more productivity for the employee so they can spend additional time with the kids.

The outcome of these little subversions is corporate data that makes its way to personal laptops and places such as Google Drive and Dropbox. Sensitive data could be living in many places you don’t know about and therefore cannot protect.

So with the rise of greater remote work, you should consider software or cloud services that can discover and inventory data resources even when they don’t live on the corporate network.

Establish More Complete Data Classification

Cataloging corporate data both within and outside an organization’s walls is critical, but then there’s the challenge of handling it appropriately.

The knowledge that corporate marketing materials live on a personal computer is less critical than discovering that a customer’s personally identifying information (PII) has been copied to a spreadsheet on an employee’s computer as part of a daily sales call routine. In the case of said marketing materials, a business might look the other way or set up a network drive connection so these files don’t actually reside on the employee’s computer. But leaking PII data might require a talk from management or extra monitoring and access control on the device.

Having automated awareness of data sensitivity and classification can help inform how data is treated, and that starts with rolling out a comprehensive data sensitivity classification program if one does not already exist.

Track Corporate Data Patterns in Real-Time

Depending on the size of your company, you probably have some sort of real-time security monitoring solution in place for sniffing out emerging security issues within the company. This solution should now extend outside your organization so it identifies and alerts your security team of risky behavior even if employees are working from home.

Solutions can monitor corporate resources, cloud drives and employee personal devices so actions like copying spreadsheets or other business data are known and tracked on a real-time basis. With artificial intelligence capabilities, these systems also can potentially spot and security issues before they arise based on subtle cues and past employee actions.

Real-time data tracking solutions help bring the hardened security stance of the office to employees working from home.

Enable Secure Network Connections Through Easy VPN Solutions

Access to your corporate network resources almost certainly runs through a VPN connection. Corporate data and employee activity more likely will take place outside of this network in the work-from-home environment, however.

It isn’t enough that direct connections are protected with a VPN; all employee online activity should flow through a VPN so man-in-the-middle attacks cannot gain a foothold, even personal network activity. In the work-from-home environment, personal and work time mix more fluidly.

To encourage good cybersecurity best practices, you should therefore consider enabling widespread VPN use among employees for all online activity. This can be achieved either through a corporate-provided solution, or through something as simple as a credit for consumer VPN services that exist such as NordVPN or ExpressVPN.

Develop Ongoing Cybersecurity Clinics for Employees

With more than 90 percent of security issues coming from human error, a final way that you can mitigate data security issues from remote work is through more proactive cybersecurity education.

Yeah, I know you already have security education seminars and handbooks. The need for this education is much greater when employees are working from home, however, so one approach is building work-from-home-specific cybersecurity clinics, and getting executive buy-in for these clinics to be an ongoing program tied to other company functions.

It isn’t possible for you to truly enforce good data security practices among employees, but it is possible to enforce company-mandated cybersecurity programs for workers who do their jobs from home.

We’ve all adjusted at this point to the pandemic and work-from-home. But work from home isn’t going away, so it is time for more permanent measures that will boost corporate data security in the face of this new, ongoing trend.

Latest posts

Ethical Hacking Lifecycle: From Planning to Reporting
Blogs

Ethical Hacking Lifecycle: From Planning to Reporting

Read the blog →