Corporate data no longer lives in the safe confines of IT-managed data centers. It now often lives at home with remote workers. This is a huge problem for businesses.
Telecommuting and work from home has existed for decades, but the Covid-19 pandemic has accelerated the trend. Almost 70 percent of full-time workers in the U.S. now work from home, according to research from Owl Labs, and half of workers won’t return to jobs that don’t offer remote work after the pandemic has passed.
The problem for businesses is that this remote work megatrend puts corporate data at significant risk just as data protection is becoming a hot topic for governments and consumers worldwide. Roughly 90 percent of organizations report feeling vulnerable to data breaches traced back to their team, according to a study by Crowd Research Partners.
There’s good reason for this concern, too. Nearly 73 percent of businesses encountered leaks in sensitive data and data spillage this past year, according to Microsoft research. There might be a host of benefits from remote work, but data security is not one of them.
The cost of data leaks and spillage from remote work can be huge, too.
Fines from Privacy Regulations
The most well-known data privacy legislation is Europe’s GDPR regulations, the initial cause for all the privacy notices that began appearing on websites a couple of years back. But more than 107 countries now have data privacy regulations, including strict new privacy rules in states such as California and New York.
The cost of leaked customer data can be huge. With California’s data privacy regulation, for instance, there is a $7,500 fine per individual data violation. GDPR violations are even more severe, with even minor violations potentially triggering fines of 2 percent of a company’s revenue or sums reaching $11 million.
Brand Reputation Damage
Businesses take responsibility for safeguarding personal identifying information when they store data such as names, addresses, credit card information and customer behavior, among other data. This is a core pact between a business and its customers.
That’s why nearly 80 percent of those asked in a recent Pew Research Center survey said they were “somewhat” or “very” concerned about how businesses use their personal data.
When this data is leaked, a company therefore faces a severe hit to its brand reputation. Leaked data can lead to reduced trust in a business, loss of sales, and even lawsuits from aggrieved customers. Leaked customer data is a public relations nightmare with tangible financial costs.
Data Breach Recovery Expenses
First there is the public relations disaster when data escapes a business through a remote worker, then there is the data cleanup nightmare. Handling a data breach and ensuring that it doesn’t happen again is typically a time-consuming, costly activity that can sap significant resources from a business and sometimes destroy it.
It takes an average of 280 days to fully clean up a corporate data breach, according to the IBM research. The global average cost of this cleanup is $3.86 million. That can sound like a paltry sum for U.S. firms that suffer a data breach, however; the average cleanup cost in the U.S. is $8.64 million.
How to Keep Remote Business Data Safe
For businesses with remote workers, there are four key steps for ensuring that corporate data stays safe even when employees work from home.
1. Know Where All the Data Lives
The first and most important step is having an accurate inventory of all company data and where it resides. Without visibility, there cannot be protection.
Fully cataloging corporate data requires scanning network drives, auditing employee laptops, and understanding all business data flows so there is a complete picture of what must be secured.
2. Classify Corporate Data
There are levels of security. Not all data is equally sensitive, so different types of business data will require different levels of protection. Sensitive data such as customer records, intellectual property and regulated data require a stricter set of safeguards than organizational charts or a company’s sales playbook.
So the second step for securing remote business data is classifying each type of business data, and assigning it a sensitivity level. From this, a business can prioritize specific sets of data and map out the most appropriate security measures for each.
3. Deploy and Enforce Strict Access Controls
A huge part of protecting data is controlling access. If a remote employee doesn’t need access to a sensitive data repository, that’s one less opportunity for a data breach.
So once corporate data is cataloged and classified, businesses should define appropriate access controls for each group of employees and put software solutions in place that provision and strictly enforce those access controls.
4. Monitor Real-Time Data Flows
The final piece of the puzzle is monitoring data flows in real-time so a business knows where data is moving even after all data has been cataloged, and to spot risky behavior that could impact data security. This is especially critical for businesses with remote workers, since visibility and control typically are reduced.
Even five years ago, this level of real-time data monitoring and analysis often was not possible in a work-from-home environment. But just as technology has advanced to enable widespread remote work, security solutions now exist that can monitor all corporate data resources in real-time without being overly cumbersome or invasive.