Nathan Turajski, senior director, data privacy & protection at Informatica, discusses how IT teams and employees must share data privacy and security responsibilities
The rapid shift to remote and hybrid work over the last two years has had a profound impact on how employees should approach their job. While organisations quickly realised the need to adapt their IT operations to the demands of being physically distanced, many have been slow to recognise the operational changes wrought by these changes. This is particularly evident when it comes to data management and security.
Historically, sensitive data has been able to be secured on premise, with employees not having to worry much about their role in keeping it safe within the confines of their work environment beyond traditional warnings like “rotate your passwords”, “use a complex combination” and “lock your laptop after use”. Remote and hybrid work fundamentally changed this dynamic overnight, with organisations needing to make much of their data available to everyone, everywhere, and anytime. Data availability was the priority, with new unknowns to be addressed cropping up on the privacy and security exposure side.
Hackers were much quicker to realise the primary security vulernability of this shifting landscape were employees. They have sought to exploit the challenge of adapting to remote working, with a huge increase in phishing attempts seen since the start of the pandemic. In the UK alone there was a 15-fold increase in online scam attempts, according to the National Cyber Security Centre, as home user exploitation transitioned into an easier exploitation of corporate workers operating in hybrid environments, where the line between personal space and employee became blurred.
Protecting enterprise data calls for shared responsibilities between IT teams and employees, for those organisations that are new to this model of remote workforce enablement. Here are key tactics both should consider in protecting their data.
Data Privacy Day 2022: keeping data secure in the organisation
Adding layers to your security
Traditionally, enterprise-level security would cover the entire network when it supported an office environment. Now, with remote becoming the norm, it has introduced a “bring your own network” approach to addressing security gaps. One of the most significant steps remote workers can take is to add additional layers of privacy to their data as they normalise operating from home networks and similar historically untrusted locations.
As an immediate and easy first step, remote workers should enable and use multi-factor authentication when available to protect access to their online information, from financial accounts to email and more. If hackers are able to obtain your passwords, they would still need your unlocked mobile phone or similar authentication device to gain access via authorised text messages and temporary codes.
Meanwhile, using biometrics, such as facial and fingerprint authentication, are critical. For organisations that want to protect trust when accessing devices, they will need to make it more difficult to access those devices. Enabling these features will make it very challenging for scammers to hack your devices and, if you combine biometrics with other multi-factor authentication, you will have a stronger defence.
Balancing security with convenience
Having entire organisations working remotely is a relatively new phenomenon, but traditional security advice remains very relevant. Remote workers should consider the technologies available to support their remote security needs, such as a password manager that allows you to use a variety of passwords and rotate them often, without having to remember them all, but which makes it difficult for hackers to access your different accounts based on a single master password that could have been compromised when relied upon too often.
Equally, employees can upgrade their applications and tools to improve their privacy posture. Search engines and browsers such as DuckDuckGo, Brave Browser and Ecosia that give you more control over your privacy exposure can help minimise the risk of attack and personal information loss.
Network firewalls are another tool to consider, which can help upgrade a home network into an environment more consistent with that of the office by monitoring network traffic, blocking malicious websites and allowing you to moderate how others access resources. The more that home workers can replicate the security standards of their former office environment, the less exposure they create to company data, let alone their own personal and confidential assets.
Top tips to protect online networks in schools from cyber attacks
Avoid public networks when unprotected
Remote work and a mobile workforce has given us the opportunity to operate from anywhere, from your local coffee shop to a public library. Yet working in public spaces can be dangerous, primarily because public networks are not as secure. Remote workers should consider using a VPN when working on untrusted public networks – a Virtual Private Network that allows you to connect to your secured, home network or a trusted service provider, no matter where you are in public.
Social media is often the topic of conversation when it comes to privacy, but it’s even more important to know that any piece of public posted information such as an attribute about you, personally, can be scraped into a database and potentially used against you and your organisation. Hackers get better at this every day, with automated capabilities improving to collect data and predict or impersonate people. While you might even trust your social media, even a trusted source can be hacked or abused by third parties, so avoid sharing your highly-sensitive information online if you cannot trust where it may end up later for use.
Though remote working has been a huge boom for organisations and employees alike, in many ways we are all still getting to grips with many of its implications. The flexibility it has afforded workers comes at a cost, as they now need to be more aware than ever of their role in an organisation’s data management and security flow.
Enterprise IT teams cannot manage this new ‘network from home’ landscape simply by themselves by turning every remote office or coffee shop into a full extension of their traditional IT network. The home environment is an extension of the office and needs to be treated as such by employees with increased diligence.
Securing your home network doesn’t demand a brand new approach or technologies. The answer is both simpler and, in many ways, more challenging than that. What we need is a mindset change across the entire organisation to understand shared responsibilities to secure our environment and manage privacy exposure to minimise risks that will continue to increase.