The range of the coronavirus, COVID-19, is rapidly spreading across the world. In almost every country, numerous businesses have begun to take swift action in an attempt to curtail its spread. A centerpiece of these endeavors is remote working (teleworking or working from home). Although self-isolating work arrangements such as a remote working could be efficient in slowing down the community spread of the coronavirus from one person to another, they have heightened data security challenges that are very different from on-premise risks and challenges.
Here is how companies can consider combatting such challenges.
Company Policies and Protocols
Every organization must review its existing information security, data security, and similar such policies to understand if there have instituted security guidelines for working from home or remote access to organizational information systems. Some companies already have procedures in place that are equipped towards working from home. In contrast, others may offer contingencies in times of disasters such as recovery plans, bring your own device (BYOD) policies and similar such protocols in place. If your organization does not have an appropriate data security plan or strategy in place, now is an excellent time to establish it. At least provide fundamental guidelines in addressing remote access to organizational information systems and how employees can or cannot use personal devices for company work.
Spread of Information
Company managers must be familiar with applicable data security guidelines, policies, plans and protocols that are in place in order to ensure that data is accessed by relevant teams only. It is crucial for every company that all its employees are aligned from top to bottom. And since not every organization has employees that work in a security role and most would not have as likely worked remotely before, offering relevant guidelines to all employees is just as crucial.
Putting Guidelines in Place
Organizations must review their data breach and incident response plans to establish that they are prepared to respond to a data breach or a data security incident. This means every company must update its policies if needed for contact information, for remote incident response teams and third-party associates. At a time when remote working is now essential across organizations, the increased data security risk compounds the fact that every company must have a data breach and incident response plan in place in the event of a data breach.
Data Security Tips for Remote Workers
Organizations must remind their employees of the kinds of data that they are supposed to be safeguarding. This includes data such as IPR, trade secrets, protected and confidential business data, work products and services, client information, customer data and other personal information that must be safeguarded. Ideally, organizations should use digital rights management software that can control sensitive information from being accessed or shared without permission.
- Confidential data applies to specific types of information including medical records, financial data and employee records that are stored or sent to or from remote applications and devices. These should be encrypted at all times. Whether in transit or at rest on the device, or removable media used by the device, digital rights management can help in safeguarding PDF documents and other file formats from unauthorized use.
- Inform personnel on how to handle and discover various forms of social engineering attacks that involve remote devices and accesses to organizational information systems. Given the rising number of coronavirus-based data risk breaches going around, users should be instructed to avoid clicking on suspicious emails or opening attachments that could endanger their systems.
- Prevent the sharing of work computers and other devices other than by the employee. Employees must be informed that their work devices must not be shared or used by anyone else in the house, which can help in reducing the dangers of unauthorized or inadvertent access to company data and information.
- Organizational information must never be downloaded or saved to personal devices or cloud services of employees. This includes computers, thumb drives, cloud services and other accounts used by employees such as Google Drive or Dropbox.
- All employee devices must have essential security software installed and ensure that those versions are updated with the latest patches.
- Companies must look to control employee access to confidential data to the minimum scope and tenure needed to perform their duties. In this regard, digital rights management can prevent sensitive data from being printed, copied, and forwarded by users. It ensures only authorized users can access and read information, and that use of that information can be tightly controlled to prevent leakage. DRM can also be used to instantly revoke access to information for total document security.
It is important to note that various compliance regulations and laws, including HIPAA, still apply even at the time of coronavirus. Hence, it is crucial to stay vigilant at all times to ensure data is continuously protected regardless of who is using it and where it resides.