Data Security and the Distributed Workforce

With many businesses adopting, or at least temporarily accepting a work-from-home model as a response to recent global events, cybersecurity experts around the world are raising the alarm on the increased threat of data breaches.  On March 06, 2020, the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency provided guidance on how to protect against scams exploiting coronavirus fears.  Other agencies, such as the World Health Organization (WHO), have done the same.

Working Remotely extends the Data Risk Plane

We are now hearing from our own customers who are swiftly relaxing their company work from home policies.  Most often this is entailing allowing employees to work remotely on company-issued laptops or desktops and, allowing them to use file-sharing or file-collaboration platforms in the absence of face-to-face meetings.

While this is certainly the right response to mitigating current concerns, enabling a distributed workforce does come with its own set of considerations that must be properly addressed.  Company desktops, laptops, USBs and other removable media devices used by staff often contain highly-sensitive client information. Some of these employees have worked solely in a desktop environment, like call centres, or support teams, so both they and their devices currently lack the appropriate level of authority to work remotely, further burdening these organizations.  And making sure these devices are protected when leaving the premise is critical.  Case in point, a recent laptop theft in Oregon exposed the personal and health-related data of 654K patients. What is currently unknown is whether or not the data on that laptop was encrypted or not.  Let’s hope it is for all involved.

And what about all these new file-sharing and cloud collaboration tools and platforms?  Yes, they are the future of the workplace, and a fantastic way of maintaining or even increasing business productivity.  But, does your organization have the proper means and security in place for authentication of the users, and protection of the data?  Are you relying on traditional and dated means of Identity Access Management?  Can you audit and report on protection status, or even wipe the encryption keys in the event of a theft?

The most important question of all? Are you confident that should a device be stolen, lost, or accessed, or your collaboration tools breached, will your data be sufficiently protected?

The Cost of Data Loss

With the ease in which data flows across networks and organizations, and the risk inherent in allowing large audiences of personnel to have access to that data, organizations need to be confident that customer records and organizational data is secure whenever or wherever it is being transported or stored.  Unfortunately, losing sensitive data could put the employee, client, company or individual at both financial and reputational risk. In fact, to help in assuring data privacy, most federal, state and local governments all have legislation and compliance regulations that set out the ground rules for how businesses must handle personal information in the course of commercial activity. Add on top of that regulations like HIPAA, PCI-DSS. Failing to comply with any of these regulations could result in massive fines that can cripple a business.

Data Security Planning

To protect against data breaches, data security governance must be a fundamental part of the design and implementation, not an afterthought. Businesses need to establish and define the security goals and needs of the organization before implementing change.  Lost or stolen devices, intrusion, or internal threat from a bad actor could all result in a data breach. Companies require comprehensive encryption, authentication, and key management solutions to adequately protect data. With encryption in place, a lost or stolen device is essentially rendered unreadable or unusable without the encryption keys – this is your only guarantee.

By properly managing your authentication policies, you can also manage the level of access given to any employee or associate and, have complete control over keys should immediate decisions need to be made regarding access rights. The proper encryption solution will also provide the necessary management tools to allow for reporting and auditing, as required for regulatory compliance.

The Fundamental Shift in Data Security

The current global situation will likely be looked upon as the inflection point for both a longer-term shift to distributed workforces, and a greater corporate responsibility for data security.  Make sure that your organization is properly prepared to take on this shift.

To learn more about how to protect the privacy and security of your data, devices and users, read how WinMagic can meet your enterprise data security needs.