The arrival of COVID-19 worldwide in March 2020 signaled the launch of the great work from home (WFH) experiment. The global pandemic forced organizations and workers all over the world to work remotely in numbers that were inconceivable prior. According to McKinsey, the number of Americans that can work partially or full time from home is 58% or approximately 92 million.
As the pandemic fades, workers and organizations are considering the long-term prospect of remote work, what stays, what goes and how can it be implemented in such a manner that services the organization, the employee, and the customer. Front and center to all of this is how can we do it while protecting the organization’s data? We’ll look at this issue from both the employee’s and the employer’s perspective.
Whose Data is it Anyway?
The Employee Perspective
For many knowledge workers, the ability to work efficiently from outside the office is something they have known about for years and have likely lobbied for. Now that they have obtained it, they are hesitant to go back to pre-pandemic office life. Yet, part of the tradeoff in working outside the office is handling the organization’s data in a responsible and effective manner. There are six key areas that employees should focus on to engage in remote work:
- Equipment: Avoid using personal devices for work: Employees should avoid using personal devices for work purposes, as they may not have the same level of security as company devices. Chances are it’s a better work experience as well, given that it likely has the tools required to do your job already installed.
- VPN: Use a secure network: Employees should only access company data over a secure network, such as a virtual private network (VPN). This will encrypt the data and help prevent unauthorized access.
- Password Keepers: While not remote work specific, you should use a password keeper to store unique passwords for every site and application. Never reuse passwords, many security breaches have been tied to password reuse.
- MFA: Use Multifactor Authentication (MFA) when possible, this will make it more difficult for adversaries to gain access to your system and to company data.
- Data Storage: Keep sensitive or restricted data on work servers and do not copy to your local machine unless required. If the machine were to be lost or stolen, the potential for negative impact is reduced.
- Update: Keep software up to date: Employees should ensure that their devices and software are kept up to date with the latest security patches and updates. This will help protect against known vulnerabilities that could be exploited by cybercriminals.
By embracing the above ideas employees can enjoy the flexibility that remote work offers while ensuring they are protecting their organization’s data. Simply put, the fewer security incidents that occur while working remotely, the more likely your organization will continue to allow it.
The Employer’s Perspective
With the initial wave of the pandemic behind us, you’ve been able to take a breath and now it’s time to solidify the solutions you rolled out in 2020. Leadership has had the opportunity to develop a vision for remote work, now let’s execute that vision. Here are 6 items to consider when creating a productive, positive remote work program that meets the needs of your workforce while protecting the organization.
- Expectations: The first two ideas are not specifically technical: Set clear expectations and goals: Remote workers need to understand what is expected of them and what their goals are. Make sure you set clear expectations and communicate them clearly.
- Policy: Establish a remote work policy: A clear remote work policy that was created with employee input, can help set expectations and guidelines for remote work. This can include guidelines on work hours, communication expectations, and how to handle technical issues.
- Educate: It’s important to provide training and support to remote workers to ensure they have the skills and knowledge to be successful. This can include training on remote work best practices, as well as ongoing support to address any issues that arise.
- VPN: While a VPN was mentioned in the previous list, it is possible to configure your employee’s devices to automatically login to your VPN upon boot, this will ensure that your remote machines are always connected to a secure network.
- Zero Trust: More than the latest security buzzword, a zero-trust model of authentication provides an additional layer of security over a traditional VPN.
- CASB: Chances are your organization utilizes cloud services in some way. Cloud access security brokers provide much needed visibility and security for your data in the cloud. Coupled with an always-on VPN a CASB can also prevent the use of “Shadow IT” or unapproved cloud services by your employees.
Remote work can be a win-win for both employers and employees. Employers can retain talent as well as open a much larger geographic area for recruitment. Employees can enjoy a higher quality of life that remote work offers. By addressing the challenges and best practices for securing company data for remote workers up front you are more likely to succeed. Organizations should provide remote workers with training on cybersecurity best practices, coupled with clear policies and procedures for remote work, that include guidelines for the use of personal devices and networks, and for reporting security incidents.