Government-mandated lockdowns due to the COVID-19 pandemic meant that millions were forced to work from home for extended periods of time, many of them for the first time. And so what was once a gradual remote working trend became a remote work revolution courtesy of a global pandemic – with rocket boosters attached!
However, more employees working at home has meant that the risk of data breaches has risen in lock-step. Protecting data within one company server is far easier to accomplish than protecting data spread out and used over numerous private internet connections. This scenario inevitably puts company data at higher risk of being breached.
This article will provide insight into why data breaches may arise due to remote work and how to reduce the risk of data breach issues among staff who are working remotely.
Why and How Do Data Breaches Occur Due to Remote Working?
Data security experts were unanimous about one thing at the outset of the pandemic lockdowns: a dispersed workforce operating remotely would result in a greater risk of data breaches. Why that assertion? The most obvious reason is that remote workers will not ordinarily work on a secure corporate server.
Instead, most employees will work via their own home WiFi connection, very often with little or no understanding of the dangers of doing so without proper security software and other means of protecting their employer’s data.
The ‘how’ of these data breaches due to an upsurge in remote work is very revealing. IBM found that the leading threat type during 2020 (i.e. at the height of the coronavirus lockdowns) was ransomware at 23 percent of all security events, followed by data theft. These were in direct proportion to the sudden mass move to remote working in most territories.
The problem is that the rush by companies to get employees to work remotely was not matched by data security provisions to safeguard people working from multiple locations and via multiple, often unsecured home-accessed servers. Remote working security risks became heightened as a result.
This tendency not to be well-prepared for the data security of remote workers was exacerbated by what experts refer to as ‘Shadow IT’. This occurs when employees opt for online, generic IT solutions in order to get work done or for a ‘quick fix’ to an IT issue that would ordinarily be done by the company’s IT department ‘down the corridor’. Being at home often equates to home solutions. The problem is that resorting to ‘Shadow IT’ can often leave the user’s computer vulnerable to cyberattacks and, hence, compromise the employer’s data too.
The costs of these data breaches are not minor either; in fact, they can be hugely expensive. The 2020 Cost of Data Breach Report, conducted by IBM Security in association with the Ponemom Institute, estimated that data breaches cost an average of $3.86 million dollars (or £2.83 million). This was found to be almost £1 million pounds higher per breach for cyberattacks not associated with remote work.
The time-related costs of such breaches is potentially enormous too, according to the same IBM Security study: an average of 280 days is typically needed just to detect and contain them.
8 Ways To Reduce Data Breaches Due To Remote Work
There are a number of ways in which companies and their IT departments can try to reduce the risk of data breaches caused by employees working remotely. Here are eight of the best ways to accomplish that:
What employees should do:
- Use A VPN: Employees should be instructed to use a virtual proxy network (VPN) whenever they are doing online work from home or remotely accessing the company server.
- Stronger Passwords: Employees should be made to tighten their passwords across the board, including login credentials to the corporate server and access to their home network. For better security, passwords should be a minimum of 12 characters in length and include a combination of upper and lower-case letters, numbers and special characters or symbols. .
- Multi-Factor Authentication: Also known as Two-Factor Authentication, this can be in the form of a password coupled with a further code being sent by SMS to a user’s mobile phone. Where possible, this will provide an extra layer of password protection from hackers who may resort to a sophisticated ‘brute force attack’ in order to hack an employee’s passwords.
- Secure Shredding: Although data is increasingly in digital format, use is still made of paper or ‘hard’ copies of documents and company info. Employees may be lax when throwing away or otherwise disposing of documentation when working from home. Sensitive, even critical company data could be exposed. A variety of measures regarding secure shredding of documents should be implemented- Measures can range from a shred-all policy for all work-related paper documents to training employees in best practices regarding the destruction of paper documentation when working remotely.
- Router Updating: Most laypeople do not realize that the routers they use to access the internet need to be regularly updated. Failure to do so can result in leaky WiFi connections that are a boon for hackers. The problem is rife and real: a study by Germany’s Fraunhofer Institute for Communication found that 90 percent of personal routers had not had their firmware updated with the latest patches and fixes by manufacturers.
What employers should do:
- Educate, Educate, Educate: the importance of data security at all times, and especially for remote work, should be a mantra within a company. Employees should understand the fundamentals of data security and the ease with which breaches can occur and their related risks for employee and company alike.
- Back It Up: Corporate data should be backed up on a regular basis, especially sensitive or critical data. Different servers, be they cloud storage, local servers or remote servers, for example, all have data leakage and hacking risks that necessitate frequent back-up procedures.
- Get Rid of ROT: Companies can literally horde data due to fears that important data may be lost when cleaning up. That is no excuse. Every effort should be made to delete redundant, obsolete and trivial (ROT) data, which not only saves data storage costs but also lessens the risk of cyberattacks due to ‘rotten,’ unused data.
Remote working is here to stay. More than ever, the flexibility afforded by working remotely is the desired choice of employees and employers are having to make the necessary concessions. What was once a ‘nice-to-have’ option offered to workers in a few key industries has now become normative across many industry sectors. The COVID-19 pandemic made sure of that.
IT departments, CIOs and management teams need to ensure that protocols are put in place in order to safeguard data among remote workers and reduce the risk of data breach. As shown. A failure to do so can be immensely costly for any organisation.