With many businesses adopting, or at least temporarily accepting, a work-from-home model as a response to COVID-19, cybersecurity experts around the world are raising the alarm about the increased threat of data breaches. Here are 7 tips to help your company keep data secure while being corporately responsible.
- Employees: Who has access, who should not, and what’s the right move?
Organizations need a tight grip on employee rights management so that sensitive data does not depart with an employee or sit open to anyone. Check that authorized individuals in the organization can assign access rights and credentials quickly, and delete them just as quickly.
- Apply least privilege to identity and access management
Organizations should be constantly assessing rights management. As roles change, so should access rights. This is especially important for project-based roles, where access to sensitive data may be needed for a migration or a business operations exercise, like enabling a distributed workforce. Your end goal is to minimize the access any individual has to data or systems that contain critical data. Minimize the access = minimize the risk.
- Endpoints: Inventory everything – new and old
For a variety of reasons, IT leaders are providing their deskbound employees with more choice than before when it comes to their devices. This has many favorable outcomes:
- It’s less capital-intensive for the enterprise
- Employees who work on devices with which they are more comfortable are more productive
- Running a wider array of devices and operating systems can help reduce exposure to crippling software-related bugs or OS version-specific malware.
But it does have its drawbacks, too: a continuous cycle of new and old devices means that you need to increase your efforts to protect all types of devices, keep them all in check, and make sure they are wiped when no longer in use.
The only way to truly protect your data is to encrypt it. No other solution is as formidable or secure.
- Encrypt all laptops (and desktops)
We’re all human, and humans forget things. Unfortunately, laptops are commonly lost or stolen when they are left unattended in cars, on café tables, or in meeting spaces. As these devices shift from the office environment to homes, make certain they are encrypted. If they do go missing, the data will be unreadable if accessed by a bad actor. Better yet, increase security controls with services such as multi-factor authentication or pre-boot network authentication to make sure no user can even gain access to the device without proper credentials.
- Protect your files and folders
Employees are constantly sharing files and folders, whether they are at home or in the office. Users should be encouraged to encrypt individual files and folders that they wish to protect. This serves as an additional layer of security on top of full disk encryption.
And if those files are in the cloud, make sure that they are encrypted, and that only your company has access to the encryption keys.
- Lock down your removable media devices
As your employees shift to home offices, they may be tempted to take data along or share it using insecure removable media devices like USB drives, CDs/DVDs, etc. Make sure to encrypt all removable media devices and their contents, automatically through disk access control policies where possible.
- Search in the shadows
Your cloud adoption may be enterprise-driven, or employee-realized through Shadow IT applications such as consumer instances of Dropbox, Google Drive, or other file-sharing applications. 96% have already moved at least one application or a portion of their infrastructure to the cloud, willingly or not. It’s a clear illustration of where IT is shifting. (Source: 2018 IDG Cloud Computing Survey)
In many ways, Shadow IT is helping to make businesses more competitive, and employees more productive, especially in a work-from-home environment. However, while IT is no longer responsible for the physical infrastructure or even managing the application, it’s still responsible for ensuring security and compliance for the corporate data employees upload to cloud services.