As “work from home” continues months into the COVID-19 pandemic, for most businesses, the big logistical issues in the transition have largely been resolved. Home offices are fully stocked and remote access is configured. However, these remote work environments present new cybersecurity and legal risks which must be addressed now, before they become a problem.
A business can’t effectively protect its data if it does not know where that data is stored. With more employees working from home, electronic data formerly confined to company servers may be finding its way onto personal devices. In addition, confidential physical documents may be left unsecured in living rooms or thrown out in residential trash cans. Understanding and controlling where remote employees are keeping sensitive data is essential for businesses to implement the measures necessary to protect that data.
Businesses should also consider making efforts to protect their data with additional technical security measures. For example, multi-factor authentication adds another layer of security, and it has been increasingly implemented by businesses whose employees are working from home during the pandemic.
When employees first started working from home during the pandemic, many businesses rapidly migrated their data processing activities to the cloud. Some may presume that their data in the cloud is secure. But, cloud-based platforms vary, and businesses themselves also play a role in securing cloud data. Taking another look at any agreements with cloud service providers, as well as those providers’ security practices, will help businesses better understand risks and gaps relating to cloud data storage and processing.
Businesses can further protect sensitive data and reduce the likelihood of a breach by limiting access to only those employees who need it. For example, marketing teams generally don’t need access to social security numbers. If, during the transition to work from home, permissions were broadly granted, now is a good time to reevaluate and ensure that the right people have the right access to the right data.
Although businesses can implement a wide range of technical solutions to improve cybersecurity, it is important to remember the critical role of the employee. As employees work remotely in much greater numbers, they are prime targets for cyberattacks and data breaches. Businesses should continue to educate and remind employees about common cybersecurity risks, particularly social engineering attacks such as phishing.
While cybersecurity risks continue to grow with the increase of remote working, businesses of all sizes can take additional steps to mitigate those risks and help safeguard their organizations into 2021 and beyond.