As companies around the world scramble to roll out remote work strategies in the wake of the COVID-19 pandemic, some organizations are better prepared for it than others. The tech sector, in particular, has long embraced remote work and actively promoted flexible working arrangements, but few have made strategies that included the possibility of their entire workforce having to work from home at the same time.
IT departments, in particular, have felt the pressure of having to implement company-wide remote work strategies. These can come with particular challenges in the tech sector where employees often use specialized software, multiple operating systems and regularly process massive amounts of sensitive data.
Some stricter data protection requirements like those preventing remote work under laws and standards such as Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) have been relaxed during the COVID-19 crisis. However, under data protection regulations such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), compliance is still mandatory. Authorities may prove more lenient because of the ongoing situation, but they are unlikely to look kindly upon lax data security practices.
So how can tech companies ensure that their data stays secure during these times of remote work? Here are our tips:
A private space for sensitive data
One of the biggest risks of remote work is the fact employees are outside the security of a company environment and are surrounded by unauthorized third parties. This means that sensitive information could potentially be seen, heard or stolen by outsiders.
An easy way to ensure the security of data is for employees to have a dedicated workspace within their homes where they can take calls behind closed doors and lock away their work at the end of the day. It’s also important that whenever they are not working, employees always log out of the company system to make sure that, should anyone use the computer, they cannot access sensitive company information.
Employees should also be careful with printed sensitive data. It should never be kept for longer than needed for the task it was printed for. Documents should be stored under lock and key and destroyed when no longer needed.
Prevent the spread of Shadow IT
Shadow IT or employees using unsanctioned, unofficial apps to get their work done, is a problem in normal working conditions and an even more serious threat to data security when employees work from home. The reason for it is fairly simple: employees will face new challenges in performing their tasks while working remotely and they will improvise solutions on the fly, in most cases by using unauthorized apps and software.
Companies can prevent the spread of shadow IT by offering a list of approved solutions before employees start working remotely. The most widely needed applications are communication-related: videoconferencing tools, instant messaging apps, document sharing services, and virtual co-working spaces. By anticipating employees’ needs, tech companies can ensure that sensitive data is not uploaded to or processed through potentially dangerous solutions.
Monitor sensitive data at all times
Many companies use solutions such as Data Loss Prevention (DLP) tools to protect and monitor sensitive information. However, as devices that have sensitive data stored on them leave office premises and rely on Virtual Private Networks (VPNs) to connect to company networks, locally stored data may suddenly become vulnerable.
Companies must check that data protection policies are applied at the endpoint level to ensure that sensitive data is continually protected, whether a device is connected to the internet or not.
Protect all operating systems
Many tech companies run a cross-platform mixed environment not only because of personal preferences but also because, most of the time, they themselves develop applications and solutions that need to run on multiple operating systems.
This means that once remote work plans are implemented, companies must ensure that devices running on all operating systems are connected and protected. From VPNs to DLP solutions and videoconferencing tools, they must all function across all operating systems or risk leaving essential personnel outside the company network, with a vulnerable system just waiting to be exploited.
Be vigilant of scams
The COVID-19 pandemic has spawned a whole new variety of scams and phishing attacks that play off people’s need for information and essential items that might be in short supply such as face masks and hand sanitizer.
Companies must, therefore, remind employees of best security practices and discourage them from clicking on links in emails from unknown senders or downloading questionable files. They should also always verify the source of official emails requesting sensitive information and never reveal passwords and login details online.