Data security is an especially important topic in today’s remote environment. With employees working from home or on the road and connecting via a variety of devices, keeping tabs on data security is more important than ever.
What Is It, And Why Is It Important?
The definition of data security is very broad, but essentially, it means protecting data from destructive forces throughout the life cycle of its use.
The rise in remote work has been an ongoing trend. According to cloud security firm Netskope, almost 6 in 10 American knowledge workers are working remotely because of the Covid-19 pandemic, and that number is likely to increase.
Even though there was a spike due to Covid-19, the rise in remote work has been an ongoing trend. According to FlexJobs, "A special analysis done by FlexJobs and Global Workplace Analytics found that there has been a major upward trend in the amount of people working remotely in the U.S. In the span of one year, from 2016 to 2017, remote work grew 7.9%. Over the last five years it grew 44%, and over the previous 10 years it grew 91%."
It is possible that these numbers will remain elevated from where they were previously, even as companies continue to reopen and the pandemic subsides. The good news is that even simple strategies can make a big impact.
Five Key Tips
1. Make Security Everyone’s Responsibility
You are the first line of defense, so take it seriously, and always be on guard. In the end, it will save you and your organization time, money and reputation. While there is a technology component to data security, the truth is that everyone has a responsibility to ensure that data and information are secure.
Many employees are working remotely for the first time ever as a result of Covid-19, so if you see something that doesn’t look right, talk to someone. Establish and communicate remote work policies, including personal device use. Remind employees of their responsibility to manage their equipment and the company’s data.
Make sure you have leadership buy-in and alignment. It is important that the message of security responsibilities is reinforced by all leadership levels and is not delivered only by the technology team.
Lastly, communicate with employees about phishing campaigns. Build a communication mechanism that will allow both proactive and reactive messaging. There will be situations where a phishing campaign gets through and you will have to take quick actions. It helps if you have established communication channels that employees are familiar with and trust.
2. Implement Tools And Protocols
There are several tools and policies that can be implemented to support employees and help provide a first line of defense. These should be the foundation of a good security plan. First up is access protection: are VPNs secure? VPN use has increased significantly since the transition to remote work, and it’s critical to use a VPN when connecting to company resources from external networks. Next, make sure your data protection includes role-based access, encryption, authorization and authentication procedures that control who has access to the data.
The second line of defense is detection. Border protection using firewalls protects company data against external attacks. Make sure your firewalls are well maintained and updated. Endpoint protection is another critical component. Deploy antivirus and threat protection to all devices to ensure that data is properly secured. You should also consider introducing mobile device management through the implementation of containers to protect company data on personal phones and tablets.
3. Develop Your Training Plan
Start by reviewing what your current plan consists of. Next, evaluate the resources you need to support your plan. Should you outsource, partner or build your own training program? Do you have existing training systems you could leverage?
Finally, consider the security culture of your organization. Determine at what frequency training should be issued. Don’t forget about onboarding new users — training new employees is as important as training your existing workforce. Remember that confident and informed employees are more proactive and diligent in identifying potential threats.
4. Develop Your Continuity Plan
Organizations need to develop both a business continuity plan (BCP) and a disaster recovery plan (DRP). It is important to remember they serve different purposes. You need to treat them differently when developing your plans.
The development of a robust BCP is an essential activity for any organization. Organizations routinely restrain executives by only allowing them to participate in approval and funding roles. I believe that the Covid-19 pandemic has certainly changed that, and all functions across an organization have become involved in building out and executing the transition to remote work.
When building out your plan, make sure to account for different situations. Have a plan with clear owners assigned, and adjust for new risks and new worlds. Be sure to test on a periodic basis.
5. Know The Data Regulations
There is a lot to know, and the landscape in this space is rapidly evolving. Data privacy rules are becoming a reality. Take, for example, the three measures currently being considered around federal privacy legislation: the Consumer Data Protection Act, the Consumer Data Privacy and Security Act.
Organizations cannot take a passive approach to data privacy in the future if they want to stay compliant with regulations. A national data privacy policy will almost certainly become a reality in the U.S. and will follow similar approaches as the EU’s GDPR or California’s CCPA. An important first step is to identify someone in your organization who can take accountability for understanding your exposure and for developing your data privacy strategy.
In conclusion, when it comes to data security, it’s everyone’s responsibility. Remember, if you see something, say something!