Cloud Hosting

Amazon announced that the company is extending its work-from-home policy until January 2021, continuing a trend that many organizations have adopted since the onset of COVID-19. It's not clear yet whether other companies will follow Amazon's lead, but given the trajectory of the virus, it's likely that plenty of people will be working from home for some time to come.

This steep increase in remote employees, brings several challenges, especially when it comes to privacy and potential data security risks. Safeguarding data within a secure corporate environment is difficult enough. Doing so remotely can challenge even the staunchest security teams.

Work-from-home (WFH) employees bring numerous risks to data at rest and in motion, and organizations must take whatever steps necessary to protect sensitive data and prevent compliance violations.

Employee behavior is often regarded by organizations as the weakest link in data protection. Moving employees outside of the office can weaken that link even further, especially with a sudden increase in people working out of their homes.

The data security risks they bring can be grouped into the following six broad categories.

IT teams can take steps to help mitigate the storage and data security risks that come with WFH employees. Although the exact protections will depend on circumstances, the steps themselves can be grouped into the following categories:

When possible, organizations should provide their home workers with company devices that IT can manage and fully secure. However, they must do so in a way that does not violate the employee's privacy, as governed by applicable compliance regulations. When an organization can't provide its WFH employees with devices, IT should ensure that employees have the security protections they need to safeguard their personal devices, such as antimalware software or the ability to enable firewall protections.

Data must be encrypted whenever it is transferred and wherever it resides, employing storage security best practices at all times. If employees are using their own computers, a member of IT should instruct them on how to implement encryption. Organizations might also consider giving pseudonyms to data before transferring it in order to remove personal information that could identify individuals. In addition, IT teams should make VPNs available to employees and implement virtualization technologies such as virtual desktop infrastructures where possible and practical.

If WFH employees have what they need to do their jobs, they're less likely to implement shadow IT or take other shortcuts.

A comprehensive identity and access management framework is essential to controlling user access to sensitive data. IT teams should apply the principle of least privilege when granting access to storage resources or other assets, while adopting strategies such as strict password policies, two-factor authentication and, where possible, biometric authentication. They should also monitor for credential sharing and other risky behavior. In addition, organizations should consider password management to help users store and generate their passwords.

If WFH employees have what they need to do their jobs, they're less likely to implement shadow IT or take other shortcuts. IT should ensure that workers can easily access their documents and effectively collaborate with each other, without having to store sensitive data on their local systems. To this end, organizations might consider centralized cloud storage or collaboration platforms, or similar services housed in their own data centers. They should also ensure that centralized backup and disaster recovery services are in place to support WFH operations.

Without the right tools, administrators cannot effectively safeguard data. For example, an IT team might benefit from unified endpoint management. IT also needs to be able to audit file access, monitor for threats, set alerts on suspicious login activity, scan emails and carry out several other operations. In addition, IT should be able to patch remote systems as well as control what software employees install on corporate-owned devices, and they need tools to track and inventory these devices.

The better prepared employees are for working at home, the more effectively they'll protect sensitive data. Organizations should provide their workers with clear guidance on how to safeguard data and what's at stake if they don't. Proper training should be a top priority so that everyone understands the organization's WFH policies and what is acceptable behavior. The goal is to help them develop secure work habits, while providing them with the feedback and support they need to encourage those habits.

Excerpt from:
Prevent the storage and data security risks of remote work - TechTarget