happier IT Inc.

View Original

Data Security for Your Remote Workforce

While the COVID-19 pandemic has temporarily altered the landscape for most organizations, many newly constructed remote workforces have now created major gaps in their cyber security posture and have yet to be addressed. With no clear time frame for when self-isolation will end, these organizations continue to face extended risks to their data security.

In order to find solutions, it is important to first understand what risks are involved and how to mitigate them.

Data Security Risks

The problem with a large, insecure remote work force is that it creates a broad attack surface that is more vulnerable to risks than usual.

Prior to the influx of remote workers produced by the pandemic, a recent poll by OpenVPN showed that 90% of organizations felt that their remote workers were not secure.

Risk: Employee Data Theft – Non-Malicious Intent

By copying files onto a personal device, the user is usually unaware that they are doing something that is both illegal and potentially unsafe. Storing data on a personal device leaves it susceptible to external theft from bad actors as most personal devices are not nearly as secure as the ones in the office. Without the firewalls and professional security tools that create your company’s security perimeter, it is much easier for cyber criminals to infiltrate personal devices. With the knowledge that more remote workers have been deployed due to the pandemic, there has been a significant uptick in COVID-19 themed scams targeting remote workers working outside of their office security perimeter.

Risk: Employee Data Theft – Misuse, Stolen or Lost Devices/Data

As mentioned earlier, the risks of employee data theft can go beyond theft with malicious intent. Data theft from misuse can happen when storage devices are lost, stolen or misused, and by carelessly attaching the wrong files to emails or sending information to the wrong person. The latter can be addressed with proper diligence and initiating cyber security awareness training, while the former can be avoided altogether.

Self-isolation might last longer than anticipated, so portable storage devices that have been left lying around could end up being misplaced or picked up to be used by other family members and roommates. In these cases, lost or exposed data can have the same damaging effects as a data breach.

Solution: Remote Access to Office Workstation

To combat the risk of non-malicious employee data theft and theft by misuse, organizations can look to use remote computer access to office workstations. Remote access allows employees to control their physical office computer from home. While the computers are securely connected, all applications and data remain on the office computer which is safely working from behind your network’s cyber security perimeter. Essentially, the user’s remote device will act as a display for their office computer.

There are still risks to using a remote access device, so it is critical to properly configure the software and have the user trained on how to safely login and use the application. If you need help with setting up a remote access connection, please contact us team@happierit.com.

Risk: Insecure Personal Devices Infecting Server/Data

As we mentioned, the use of insecure personal devices in remote settings can pose a serious threat to your network if they are infected with malware and connected to your organization’s network. The initial problems with using insecure personal devices is that they can regularly be used by anyone and are likely not regulated or equipped with the same standard of professional cyber security tools like at the office. Often, they can easily be compromised or are already infected with some sort of unnoticed malware.

Solution: Virtual Desktop Infrastructure (VDI)

Virtual desktops essentially allow the hosting of a desktop environment (windows, folders, toolbars, etc.) to take place on a central server instead of a local PC. In this situation, a user can access their desktop remotely from any device. Everything is now centralized including security, storage and management. This provides a major boost to data security as one user’s actions will not affect others.

VDI can offer many benefits in industries such as healthcare and finance where high amounts of personal data must be securely accessed by many parties.

Risk: Compromised Insecure Personal Device

For most companies it will be nearly impossible to check if every employee’s personal devices are free from malware, free from spyware, if they have been hacked or if they pose a threat to data security.

Solution: Providing secure-corporate devices for remote workers

Instead of checking each personal device, a more efficient plan of attack is to provide a secured device for employees. If budgets are limited, consider supplying those that are in most need of utilizing a secure device. Knowledge workers and those in financial departments will be highly susceptible and should be prioritized.

Proper awareness training and policy guidelines should be mandated and followed when using corporate devices. Each corporate device should also be outfitted with professional quality security tools in order to further increase remote safety and proper cyber hygiene.  

Need Help With Your Data Security?

Evolving breach laws and ever-changing compliance guidelines, combined with the recent surge in COVID-19 themed targeted attacks have created an environment where remote data security cannot be lost in the shuffle. Now, more than ever, data security needs to be prioritized for remote workforces. Organizations need to look within to revise remote policies, implement awareness training and equip their employees with a safe work environment from home.

If you’re already a happier IT client and need help with your remote security setup, please reach out to your happier IT representative or email team@happierit.com.

If you’re not yet a happier IT client, but you are interested in bolstering the security of your remote workforce, please contact sales@happierit.com.