Mitigating Data Security Issues in the Age of Work-from-home

Table of Contents

The door has been opened. Even when work life returns to normal and the pandemic is nothing more than a historical documentary on Netflix, work probably won’t look exactly like it did circa 2019. The #WFH tag will disappear, but working from home likely is here to stay.

That’s because even though the office will become safe again after the pandemic, many workers will continue to insist on work-from-home options. An estimated half of all U.S. full-time workers will leave their employer after the pandemic if work-from-home options are not extended as a permanent option, according to Owl Lab research.

This trend brings with it additional data security issues, however. Security professionals have adjusted to the new environment, but a more durable cybersecurity strategy is required. Nearly 90 percent of businesses right now say they feel vulnerable to data breaches traced back to their team, and a scary 73 percent have experienced sensitive data leaks in the past year.

Thus, it is time for a better work-from-home cybersecurity stance that more effectively mitigates data security vulnerabilities.

With that in mind, here are five security elements worth considering that will cut down on the remote work security threat.

Discover Where Corporate Data Resides

For sure your company has defined policies for how data can and cannot be used when working from home (you did define that, right?). Even the best corporate data policies will suffer from some of the same issues that inflict bring-your-own-device rules, however: Employees won’t always follow the rules, especially if exceptions help drive more productivity for the employee so they can spend additional time with the kids.

The outcome of these little subversions is corporate data that makes its way to personal laptops and places such as Google Drive and Dropbox. Sensitive data could be living in many places you don’t know about and therefore cannot protect.

So with the rise of greater remote work, you should consider software or cloud services that can discover and inventory data resources even when they don’t live on the corporate network.

Establish More Complete Data Classification

Cataloging corporate data both within and outside an organization’s walls is critical, but then there’s the challenge of handling it appropriately.

The knowledge that corporate marketing materials live on a personal computer is less critical than discovering that a customer’s personally identifying information (PII) has been copied to a spreadsheet on an employee’s computer as part of a daily sales call routine. In the case of said marketing materials, a business might look the other way or set up a network drive connection so these files don’t actually reside on the employee’s computer. But leaking PII data might require a talk from management or extra monitoring and access control on the device.

Having automated awareness of data sensitivity and classification can help inform how data is treated, and that starts with rolling out a comprehensive data sensitivity classification program if one does not already exist.

Track Corporate Data Patterns in Real-Time

Depending on the size of your company, you probably have some sort of real-time security monitoring solution in place for sniffing out emerging security issues within the company. This solution should now extend outside your organization so it identifies and alerts your security team of risky behavior even if employees are working from home.

Solutions can monitor corporate resources, cloud drives and employee personal devices so actions like copying spreadsheets or other business data are known and tracked on a real-time basis. With artificial intelligence capabilities, these systems also can potentially spot and security issues before they arise based on subtle cues and past employee actions.

Real-time data tracking solutions help bring the hardened security stance of the office to employees working from home.

Enable Secure Network Connections Through Easy VPN Solutions

Access to your corporate network resources almost certainly runs through a VPN connection. Corporate data and employee activity more likely will take place outside of this network in the work-from-home environment, however.

It isn’t enough that direct connections are protected with a VPN; all employee online activity should flow through a VPN so man-in-the-middle attacks cannot gain a foothold, even personal network activity. In the work-from-home environment, personal and work time mix more fluidly.

To encourage good cybersecurity best practices, you should therefore consider enabling widespread VPN use among employees for all online activity. This can be achieved either through a corporate-provided solution, or through something as simple as a credit for consumer VPN services that exist such as NordVPN or ExpressVPN.

Develop Ongoing Cybersecurity Clinics for Employees

With more than 90 percent of security issues coming from human error, a final way that you can mitigate data security issues from remote work is through more proactive cybersecurity education.

Yeah, I know you already have security education seminars and handbooks. The need for this education is much greater when employees are working from home, however, so one approach is building work-from-home-specific cybersecurity clinics, and getting executive buy-in for these clinics to be an ongoing program tied to other company functions.

It isn’t possible for you to truly enforce good data security practices among employees, but it is possible to enforce company-mandated cybersecurity programs for workers who do their jobs from home.

We’ve all adjusted at this point to the pandemic and work-from-home. But work from home isn’t going away, so it is time for more permanent measures that will boost corporate data security in the face of this new, ongoing trend.

A propos de l'auteur

A propos de l'auteur

FR Lorem ipsum dolor sit amet, consectetur adipiscing elit. Etiam eu turpis molestie, dictum est a, mattis tellus. Sed dignissim, metus nec fringilla accumsan, risus sem sollicitudin lacus, ut interdum tellus elit sed risus.

Recommended for you

The high price of trust - the true cost of insider threats new
Organizations spend significant time and money mitigating external security threats.  While these efforts are absolutely necessary. ...
5 best practices for rolling out your insider risk management program
The way we do business is continually shifting. In the last three years, workforces have gone fully or partially remote, data has migrate...
The true cost of non-compliance - can you afford the risk
A tightening regulatory climate As data multiplies, so do the rules around collecting, using, and protecting other people’s personal, ...
Data classification and inventorying - The foundation of regulatory compliance
Succeeding as a business means capitalizing on data, and managing that information effectively means complying with regulations. These gu...
MTL Connect Oct 12-17 2021 Virtual Event
For the third edition of Montreal Connect, we’re happy to announce that Guy Veilleux, Head of Partnerships at Qohash will be speakin...
Qohash Launches New Qostodian Recon™ Product to Help Organizations Discover and Secure Their Sensitive Data
Qohash’s enterprise-grade data discovery technology is now available for mid-sized companies that want to identify and secure sensitive d...

Contact us​

Sensitive data inventory
Meet PII and PCI audits
Ensure GDPR, NYDFS compliance
Improve data governance
Drive SOC 2 certification
Insider threat monitoring
Lockdown endpoints
Detect policy violations in real-time
Expedite investigations
Quantify risk levels for the Board
Defying legacy limitations
What our customers say