Last year, I wrote a post about keeping your data safe in 7 Tips to Prevent a Data Breach, and since then the landscape has changed significantly. While the basic theories remain the same, the scope has increased exponentially because, if you are like us, your staff is almost entirely working from home. So, how can your company continue to protect personally identifiable information (PII) and other consumer data in this increasingly work-from-home day and age?
Let's first look at a few of the challenges that are presented when working remotely.
Network access. Access control lists (ACLs) that are used to allow access from specific network locations do not include users' home networks. With users working from home, they may no longer have the immediate access they are used to.
New and larger scope. The work-from-home climate has introduced a whole new scope of risk for IT professionals. Previously, IT staffers would be concerned about a single network ingress and egress, but now they have to figure out how to protect as many network entry points as there are staff members.
Mobility. In the same vein, users are far more likely to have data on (and access to data from) mobile devices (laptops, phones, and tablets) that are no longer contained within the corporate network. These devices are at a higher risk of being misplaced or stolen.
New technologies. Most businesses have adopted virtual meetings to replace in-person, physical meetings. Many businesses were not properly prepared and adopted (out of necessity) popular solutions that introduced additional risks and vulnerabilities.
Remote solutions for protecting your data.
- Identify your new risks. Hopefully, you already have a risk management plan in place. Remote workers add risk. Take the time to understand and document where those risks are and what mitigation techniques you have in place to continue to protect data.
- Provide clarity. Make sure you have updated protocols and policies in place that address how data is to be managed for remote workers. Be clear when there are differences in protocol or policy regarding at-home workspaces versus in-office workspaces. For example, our policy regarding locked workstations continues to apply whether you are working at home alone or working in the office.
- Get written acknowledgment and agreement. Make sure your users have read and understood the new policies that are provided and have signed off. Users are more likely to read through a policy when they are required to sign an acknowledgment.
- Do not make exceptions. Working from home can present challenges for your staff trying to access data. Some may be tempted to "temporarily" store a file on their PC because it's easier than connecting to the VPN to access the same data. Make sure policies are clear and that there are no exceptions.
- Perform security audits. Try to virtually audit the user's work environment. Some of the things we check for are up-to-date anti-malware software, current Wi-Fi encryption protocols for users who are required to use Wi-Fi, up-to-date operating systems and patches, and device encryption.
- Document and use only corporate-approved software. A common, knee-jerk reaction to an operational void is to find a software solution that fills that need and instantly institute it into your process. Make sure employees understand that this is risky and that all software should be reviewed and approved by your IT team before it is used.
Need more information about how to keep your teams safe during COVID? Contact our IT team today to learn more.