With the coronavirus threat having moved on from disrupting your business’s supply chain to threatening your employees’ health at home, now is the time to implement that company-wide remote workplace plan.
This article is from FRA's sister company, Compliance Week.
While there are a host of considerations in transitioning to a fully remote workplace—hardware, software, securing a connection, training employees, and maintaining productivity among them—perhaps the most pressing issue is protecting your company’s sensitive data.
Remote workplaces “may be prudent and advisable, but can inadvertently heighten the risk of data breaches or other cyber incidents, which in turn can lead to substantial financial loss, reputational harm, and legal exposure,” wrote the firm Paul, Weiss, Rifkind, Wharton & Garrison in its Coronavirus Resource Center blog.
A completely remote workplace also opens up a myriad of cyber-security risks that can be exploited by bad actors—from disgruntled employees downloading sensitive files to opportunistic hackers accessing your company network over unsecure home or public Wi-Fi signals. If more employees work remotely, chances escalate that company laptops, thumb drives, or other company data devices will be compromised. And remote work opens the door to phishing, spoofing, and other scams that attempt to convince employees to grant server access or authorize transactions, according to the Paul Weiss blog post.
Data breaches are a huge problem in the United States, with more than 10,000 serious breaches publicly reported since 2005, according to the Identity Theft Resource Center (ITRC). Of the more than 1,400 publicly reported data breaches in 2019, almost 40 percent were due to hackers, which included scams like phishing, ransomware, and skimming. The next largest cause (over 36 percent) was unauthorized access, according to the ITRC’s January report on data breaches.
Remote employees are more susceptible to hackers and allowing unauthorized access.
And while top management may have secure connections, company laptops, and adequate training, other employees may not. They may be working remotely for the first time, trying to get acclimated with a host of new protocols and be productive while working from home. Converting an entire workplace to remote work is certainly a challenge, said Gregory Bombard, a partner with the law firm Duane Morris.
Bombard offered several “speed bumps” for bad actors that could help prevent the theft or loss of company data by remote workers.
First, limit access to particularly sensitive information, he said, by increasing the permissions necessary to access it.
Then, “monitor employee accounts for unusual activity like large or rapid downloading, printing, or emailing of data. There is rarely a legitimate business purpose for large-scale transfers of data,” he said.
“Even adding a minor speed bump can help limit the risk,” Bombard said. “For example, implementing a system where employees have to get approval before using file sharing websites, downloading significant amounts of data, or accessing particularly sensitive information.”
Lastly—and this might be difficult in a rapid scale-up of a remote workplace—make sure all employees have appropriate non-disclosure agreements in place and receive training on the proper handling of confidential information. Employees should be regularly reminded of the company’s policies for protecting its data and the consequences for failing to do so.
The coronavirus has sickened hundreds of thousands of people worldwide and killed over 3,200. So it’s hard to wrap your head around potential benefits.
But the pandemic could accelerate a work-from-home trend in the corporate world.
Brendan Kiely is managing partner and co-founder of ThinScale Technology, an Irish company that specializes in helping companies allow employees to safely access sensitive data from their personal laptops. ThinScale’s product is called ThinKiosk, and it allows employees to access a company’s virtual desktop while locking out the personal laptop and prohibiting unauthorized downloads or access.
The coronavirus “is forcing companies to face their fears of work from home, in terms of production, in protecting data, and more,” he said. Working from home, he said, “can be converted from a liability to an asset for a company, if it’s managed correctly.”
“These companies will be able to say to their clients, listen, we can serve you during a pandemic, and our competition cannot. It could become a competitive strategic weapon,” Kiely said. “But you’ve got to have buy-in from all departments, they all have to sing from the same hymn sheet.”