As more employees work from home due to the COVID-19 pandemic -- many for the first time ever -- it has become clear that data security precautions are falling by the wayside. The new environment, schedule freedoms and distractions are causing many to slip up and put sensitive company data at risk. Let’s look at some of these common security mistakes and how IT security teams can best address this challenge head-on.
Use of insecure networks
Unless employees are fairly tech savvy, they may be completely unaware that their home networks are far less secure than what they’re used to in the corporate office. WiFi is the biggest offender in these situations. All employees should long since have been trained on the dangers of public/open WiFi connections, and they should also have been taught that the same dangers commonly exist at home. That’s why the use of a VPN or other secure communications tunnel is required when working over the internet. Even so, many employees have clearly forgotten this advice and are working with sensitive data and apps on insecure networks.
Moving data/documents to non-corporate devices
Don’t just assume that your employees are using their office laptop as their sole work device. In fact, many employees are moving documents from their work computer to a home computer or smart device for a variety of reasons. Although these personal devices may have some form of anti-virus software installed, the security tools and mechanisms in place on them are undoubtedly far weaker than what you’d find on a business PC. After all, security is the primary reason employees are allowed to bring their work laptops home in the first place. If the same protections aren’t being applied across personal laptops and devices, it’s certainly a cause for concern.
Sharing of access credentials over non-secure tools
Because business teams have become more physically dispersed than ever before, the separation of process/procedure duties begins to rear its ugly head. Often, one employee must wait on another to get access to information or documents. Thus, it’s becoming commonplace for one employee to share access credentials with teammates to reduce these types of process bottlenecks. While this is an issue in itself, the more concerning part is that employees are sharing those credentials over insecure and often unapproved collaboration tools. Shadow IT is becoming rampant as employees bypass the IT department to find the collaboration tools that work best for their departments and teams now that they’re in a WFH scenario. Thus, credentials are being shared -- and potentially stolen -- across an untold number of internet-based collaboration apps and services.
Sharing too much on social media
One of the more troubling security aspects of this new WFH lifestyle we all now find ourselves in is that personal social media usage is being intertwined with the workplace like never before. What many IT security professionals are discovering is that employees are knowingly or unknowingly leaking sensitive business information onto social media through posts about working while stay-at-home regulations are in place. These social media leaks could be found in comments about what the employee/business is working on, photos of workspaces accidentally showing sensitive information displayed on computer monitors, or other similar instances where the “human factor” is causing data leaks.
Two primary ways to prevent data loss in WFH environments
There are two different approaches IT security teams can take when it comes to extinguishing data leaks due to new work from home lifestyles. The first approach is to implement edge security tools that stretch all the way out to the remote user to provide added security control and visibility. These technologies include the deployment of secure teleworker gateways, virtual desktop infrastructure (VDI) and advanced data loss prevention (DLP) tools and processes.
While technology can certainly help prevent data loss in remote workforce environments, a cheaper and more cost-effective method might simply be to train or re-train staff on the appropriate ways to handle sensitive business information. This training could be tailored specifically to the work from home situations that the remote employee is likely to encounter as they wait to return to the office. After all, in most cases, employees are causing security breaches without even realizing it. Thus, a little training can go a long way in preventing this type of sensitive data and intellectual property loss.