The Work From Home Data Risks: A New Perspective
The COVID-19 pandemic changed the landscape of the corporate world drastically. Rolling lockdowns, shelter-in-place orders, bans on gatherings for safety purposes, and international travel restrictions meant the world could no longer function as it had during pre-pandemic times. This shift was equally impactful for businesses and how they oversaw the use of their digital resources.
As trade shows moved swiftly to an online model, meetings happened from the couch in the living room, and company parties meant saying cheers and sharing a glass of wine over a Zoom call, many organizations had little time to consider how their technology strategy could be effectively migrated—sometimes with disastrous results.
The transition to this WFH culture on such a large scale and at this level was unforeseen, but it has happened nevertheless—we are still living and working in predominantly hybrid environments. While initially there were talks of this transition being short-lived and people resuming ‘normal’ lives after a few weeks of “flattening the curve,” it is clear to us now that the WFH model is here to stay. After all, organizations and employees alike are seeing the numerous benefits of working from home.
From the company perspective, there are three primary benefits:
- Saving significantly on real estate expenses. With staff working from home, organizations don’t have to spend as much on renting office space or supplying work materials.
- An increase in productivity. While some had speculated that working from home would see losses in employee productivity, the hard data says otherwise.
- A drop in absenteeism and employee turnover. The flexibility offered by work and travel, family time, and the absence of commuting saw gains in employee retention and job satisfaction, especially for employees with children or elderly parents who require caregiving.
In light of these benefits (for both parties), it is doubtful that we will ever go back to the traditional office setup. What is more likely to take shape is a mixed environment where employees mainly operate remotely and perhaps step into the office once in a while for catch-up sessions.
As homes expand to accommodate office space, traditional office spaces will shrink to include only a conference room for in-person meetings—a far cry from the cubicle maze and lunchroom lineup to use the microwave.
While this new model makes perfect sense from a productivity standpoint, there’s something here that you can’t ignore—data security. WFH may keep your staff safe during the pandemic, but it may put your data at risk and jeopardize your system security if you don’t take the proper precautions.
Why is this? WFH often involves employees using their own devices for work purposes. This blurs many of the boundaries as to how data travels between people and servers. It also raises several questions of access and user management from the data security perspective. These risk factors make it imperative that your organization has mechanisms to mitigate possible data loss, leak, or misuse.
There are multiple considerations one should keep in mind with the work from home data risk environment. Some of them include:
Restrictions on Installing Firewalls, Antivirus, System/Software Updates, and Security Patches
When your employees are in the office physically and using your computers, you can install firewalls and access control mechanisms. For example, you can block non-work-related sites or sites with 3rd party cookies or set up password policies for them to follow when using the device. However, if they are working from home and using their own devices, there is no way you can install firewalls or have access restrictions at the system level.
Similarly, while you can ensure your work computers are up-to-date regarding security patches, system updates, and software upgrades, you can’t force an employee to install security patches or antivirus on their personal computer at home. These security gaps open their devices up to attacks which can then infect your system.
It’s because of these reasons that we recommend that all work from home data risks are considered. One must ensure that staff are given company-owned and managed devices to use in their work.
Keeping Your Data Safe After an Employee Quits
While your employees are working from home using their own devices, how can you be sure you recovered all your data? Or erase it permanently from their devices after their contract has ended? How do you ensure they don’t have a copy of the sensitive information stored somewhere that could be misused intentionally or unintentionally, causing a data breach?
Data management systems and procedures must be implemented and followed to answer for these contingencies. When an employee is using a company-owned device you can remotely lock it and ensure the data is protected through proactive measures like disk encryption and remote backup.
Safeguarding Access to Your Data in Case of Unexpected Events Such as Device Theft or Breakdown
If your employee is using their personal device for work and it gets stolen, how do you handle the data loss and any data compromise that could follow? Similarly, if something goes wrong with their device, how do you ensure your data is not lost and your work is not stalled? Also, if the device goes into repair, how can you be sure of the security of your data then?
These considerations and more must be considered when allowing staff to use their devices to handle and store sensitive company data.
Challenges Brought on by Device Sharing
If your employees use their own devices for work purposes, you can’t stop them from sharing their devices with friends and family. But, device sharing can put your data at risk of being stolen.
Employees must be aware of and follow proper conduct when it comes to device sharing, and your systems must be able to control access to employees between levels. For instance, not all employees should have access to high-security files or programs—these should be protected by multi-factor authentication, encryption, and trusted to only highly trained individuals.
Remember WFH is Not Necessarily Just Work From “Home”
When we use the term WFH, the first image that comes to mind is of a person sitting in their living room or home office desk and working on a laptop. It is important to remember that this is not always the case.
When you follow the WFH model, it enables your employees to work from anywhere. The recent ‘workation’ (work+vacation) trend catching on is a testimonial to this—for all you know, your employee may be working from the Starbucks two provinces away. They may even be at the airport sending that last report in before they take off for a vacation. In all of these instances where they may be using public Wi-Fi networks, it is a compound risk for your data. Cybercriminals are known to target many victims at these unsecured locations.
Let’s face it—the work from home data risk environment coupled with the BYOD (bring-your-own-device) makes organizations much more vulnerable to cybersecurity threats than the traditional office setup.
However, that doesn’t mean there is no solution.
As a company, you can still put various mechanisms in place to ensure the safety and security of your data. You should also train your employees on how to safeguard themselves and your company data from cybercriminals.
A managed service provider (MSP) like Tier 3 I.T. specializes in cybersecurity, data back, and recovery to help you with both of these. They know what tools to use to keep your data secure, even in the work from home data risk scenario. They will also train your employees on the common mistakes that people make unwittingly, which often leads to significant data breaches.
Tier 3 I.T. offers service packages, managed I.T., training, and can act as the bridge between your software and people. Our background in implementing secure, robust, and business-oriented solutions means you can offer your team all of the advantages of hybrid work models with minimal security risks.
Contact us to get started on building a security package that covers all of your security needs and promotes a streamlined workflow for your entire in-house and remote team.