
Do Your Data Security and Compliance Strategies Consider the Remote Worker?

Prior to March 2020, remote work wasn’t exactly the norm. Yes, more and more companies were starting to embrace it in recent years, but the shift was gradual — nothing compared to the overnight upending brought on by the COVID-19 pandemic. Despite this, many employees adapted quickly to remote work life, and it was clear that business operations could function as normal regardless of location.

Now, even as companies begin reopening their offices, employees want to keep that remote option, thanks to the flexibility, independence and work-life balance it offers. Corporate decision-makers are faced with a dilemma: lose top talent to companies with remote policies or embrace remote work in some capacity. The answer seems simple enough, but while remote work has its upsides, it also comes with increased risks to data security due to the expanded IT perimeter. In order to implement remote work as a permanent fixture, corporate IT and governance teams have to do their due diligence to ensure the security of sensitive data at rest and in transit across endpoint devices, operating systems, applications and networks, despite these no longer being controlled or protected by their companies’ legacy data privacy tools.

Data security risks posed by remote work

Enterprises constantly collect and store massive amounts of consumer data. This data can be used to improve customer experiences, discover new opportunities and inform strategy decisions, as well as to complete day-to-day business operations. Within enterprise boundaries, IT and governance teams could be certain that sensitive data was protected. Remote work requires this sensitive data to be accessed outside of a heavily protected IT infrastructure by devices that lack appropriate security measures, leaving data vulnerable and at risk of cyberattacks. This in turn puts data privacy compliance at risk as well.

Besides endpoint security (or lack thereof), third-party applications and human error can be responsible for sensitive data vulnerabilities within remote work environments.

Third-party applications

It’s not uncommon for enterprises to employ third-party applications to make certain business functions more efficient. They are usually part of greater digital transformation strategies, which have been implemented at accelerated rates as a result of the pandemic. Oftentimes, these applications must process sensitive data in order to execute tasks, but without security protocols in place that are up to par with those of the enterprise, the enterprise’s data is at risk of malicious compromise.

You may recall “Zoombombings,” which saw unauthorized users hijack Zoom meetings to display explicit and disturbing content. These hackers could’ve just as easily bypassed Zoom’s subpar security measures to obtain sensitive information being discussed or presented, putting data privacy at risk. The platform has since fortified its security.

Users

Remote workers themselves can put their companies’ sensitive data in jeopardy via seemingly mindless actions, such as leaving a laptop unattended in public, joining public Wi-Fi networks, not having the device locked with a strong password, signing into a work account from a new or unfamiliar device, falling prey to scams or simply downloading a piece of data and not properly disposing of it once it’s no longer being used. These actions make it much easier for a cyberattacker to compromise a device and gain access to sensitive data.

How to protect remote workers’ endpoint devices

Now that you’ve considered the ways remote work can put your sensitive data at risk, here’s how you can update your security and compliance strategies to accommodate it.

Make employees aware

Employees need to understand what’s at stake in order to ensure they’re being as safe as possible while working remotely. Communicate the actions and behaviors that could put sensitive data at risk of compromise, such as working from public or other non-secure networks (e.g., coffee shops, hotels and friends’ or family’s homes), as cyberattackers can use these networks to gain access to endpoint devices. Employees should also be required to implement extra security measures like stronger passwords and two-factor authentication in order to access laptops, cloud storage sites and third-party applications. Lastly, be sure to shed light on how phishing scams occur and what to look out for. Employees should be cautious about opening emails from questionable senders or clicking on unknown links. If it’s fishy, it’s probably phishy.

Require the use of a VPN for work-related tasks

A virtual private network (VPN) promotes privacy by establishing an encrypted connection between an employee’s laptop and the internet. This means that even if employees work from a public network, their activity and sensitive data are protected from cyberattackers targeting public networks.

While VPNs are certainly effective, they only provide one line of defense. What’s keeping sensitive data secure when a remote worker’s laptop is offline? VPNs can’t prevent the copying or sharing of sensitive data. What happens if a VPN connection falters, or an employee forgets to connect to one before working from public Wi-Fi? The answer to these valid concerns can be found in the next and arguably most important protective measure.

Implement a data lifecycle management solution

A data lifecycle management (DLM) solution is the most effective tool to have in your security strategy when it comes to protecting sensitive data in remote work environments. It accurately discovers data wherever it exists online and offline, from laptops and cloud repositories to operating systems and third-party applications. After discovery, a DLM solution dynamically classifies sensitive data as it’s added, altered, copied or shared so it can be protected in accordance with regulatory standards and continuously monitored by IT and governance teams, enabling swift responses to any potential threats.

Ensure your data security and compliance strategies consider the remote worker with Spirion

Spirion’s Sensitive Data Platform can ensure you embrace remote work with your organization’s sensitive data security at the forefront of that initiative. It automatically discovers sensitive data wherever it lives within your organization, including your employees’ laptops, so it can be strategically secured, persistently classified and safely remediated to prevent vulnerabilities. To learn more about how you can bolster your data security and compliance strategies to accommodate remote work, contact us today.