What Does Data Security Look Like When Everyone Is Working Remotely?

by / ⠀Career Advice / July 15, 2020
what does data security look like

In the best of times, few companies practice proper data security. When COVID-19 struck, requiring months of remote work, virtually no IT team had dotted its i’s and crossed its t’s.

Data security is a cat-and-mouse game. Cybercriminals are always looking for new vulnerabilities, and widespread, seat-of-the-pants remote work is a tantalizing one.

To stay a step ahead, you have to know the risks. Here’s what the data security landscape looks like while people are working from home:

1. BYOD by default

Although bring-your-own-device policies have gained steam for years, remote work has made BYOD the norm. The trouble is that there’s no in-office oversight around which devices workers connect to the company’s network.

From an employee’s perspective, it might seem harmless: What are the chances of an old laptop infecting the whole network? Who cares if a tablet’s operating system hasn’t been updated in years?

If your company has a SIEM system, you may feel insulated from device-driven threats. But without SOAR security, malware on one device can spread rapidly across a network. SIEM-as-a-service providers like StratoZen use SOAR to automate security orchestration and response. While not truly hands-off, it can drastically cut response times and the need for human intervention.

Even with SOAR, it’s important to ensure that the networked systems can “talk” to each other. Always ask team members to check with you before they connect a new device to the network.

2. Fresh phishing schemes

One truth of information security hasn’t changed during the pandemic: Human error remains the chief cause of breaches. What’s changed are the social engineering schemes that bad actors are using.

See also  Cloud Access Security Broker: A Wise Business Investment

In the age of COVID-19, they tend to take three forms:

  • Workplace policy emails

Cybercriminals know that corporate policies are evolving to accommodate remote work and social distancing. Unfortunately, they also know that workers are a lot less likely to question emails supposedly from work when they can’t pop over a cubicle to ask the apparent sender. The result is a rash of emails with links to fake company policies that, in fact, initiate a malware download.

  • CDC alerts

Pretending to be associated with the U.S. Centers for Disease Control, phishers are sending emails that claim to link to a list of local coronavirus cases. Remind team members that individual medical records are private under HIPAA, and CDC officials aren’t about to violate a federal healthcare privacy law.

  • Health advice memos

Playing on people’s desperation to protect themselves from the virus, some phishers send emails with fake links to safety measures. Point out to your employees that medical breakthroughs aren’t announced through personal emails.

3. Emboldened insiders

In some cases, employees themselves are the ones who compromise a company’s data. When team members with bad intentions work at home alone, they may be more likely to pull the trigger than when working in the same room as the rest of the team.

Although SIEM systems alone can’t catch authorized users in the act, they often can when supported by UEBA tools. Short for “User and Event Behavioral Analytics,” these systems look for signs that a team member is acting suspiciously. If a member of the social media team suddenly tries to download customers’ payment data, a UEBA tool is likely to flag the activity.

See also  4 Ways to Protect Your Online Business in 2022

4. Temptations around unauthorized access

Within households, devices are often shared. Someone using the desktop computer to surf the company’s network may be the employee, but it might also be that employee’s roommate.

COVID-19 has raised the stakes around unauthorized access in two ways: Not only are more people staying home, but they’re also experiencing financial difficulties thanks to the economic fallout. They may be tempted to make a quick buck by downloading company data when the employee in the house isn’t looking.

Here, the best defense is low-tech: Encourage employees to use only devices they have access to for work. If a device must be shared, ask that team members maintain separate, password-protected accounts. Make sure employees log off after each session.

5. More public Wi-Fi networks

Because internet access is critical for remote work, companies like Comcast have expanded access to their public Wi-Fi hotspots. The problem with public Wi-Fi networks is that they make it easy for data to be intercepted by someone else on the network.

Ensure that any team member who needs to access sensitive internal systems on public Wi-Fi uses a virtual private network like this VPN. A VPN encrypts data in transit, but it’s not failsafe.

Remind users that VPNs cannot prevent phishing attempts. Keep VPN software updated with the latest security patches and implement multi-factor authentication on all VPN connections.

The abrupt shift to remote work caused by COVID-19 is challenging enough. Don’t let security breaches make it that much more of a headache for your team.

About The Author

Kimberly Zhang

Editor in Chief of Under30CEO. I have a passion for helping educate the next generation of leaders. MBA from Graduate School of Business. Former tech startup founder. Regular speaker at entrepreneurship conferences and events.

x

Get Funded Faster!

Proven Pitch Deck

Signup for our newsletter to get access to our proven pitch deck template.