The need for remote work of employees of most organizations reveals certain problem areas. Each particular business faces its own security risks connected with remote work and access. And each individual has to solve safety issues, picking the most reliable antivirus for Windows or the best free Android antivirus. The rapid development of the epidemiological situation caught many companies by surprise. Most of them were not ready for it – neither morally nor technically. In this regard, many IT companies provide training, clarification, and counseling for one common purpose – to survive remote work during the quarantine.
Remote Work Risks: How to Protect Business Data
The workplace of an employee functioning from home is a rather blurred concept. In any case, many “remote” scenarios fit into the use of two well-established types of jobs:
- A corporate laptop issued to an employee in the office;
- A home computer more or less adapted for office tasks.
It is important to note that information security threats occur when using both types of workplaces, and each of them has its own specifics.
1. Theft or loss of laptop during transportation
Using an enterprise laptop outside the controlled area of your organization involves primarily physical security threats. Cases of a laptop loss, theft from a car, etc., are ubiquitous and common. If such a laptop falls into the hands of an attacker, service, confidential, or critical information will be compromised. This type of incident most often appears in high-profile leaks, entering news feeds.
2. A laptop in a suspicious environment
An equally important information security issue is connecting your laptop to your home network. There is a high probability that the router or home network access point is compromised. Connecting to a hacked access point can lead to attempts to scan and exploit vulnerabilities on a corporate laptop, and then to attempts to break into enterprise IT resources that an employee works with from home.
3. Home computer security issues
The home computer is more likely to have been infected with a virus, trojan, or bot in the past. Confidential information from such a workplace will be “quietly” leaked without the possibility of detecting and investigating such an incident. On the vast majority of home computers, there is no suitable means of protecting confidential information, which allows separating the working and personal area of storage and processing of documents. There is also no appropriate means of controlling access to the processed information.
4. Using USB flash to transfer documents
The use of flash drives itself presents a separate set of information security challenges:
- The flash drive is very easy to lose along with confidential information;
- Accessing files on a lost flash drive is very easy for an attacker of any skill;
- It is difficult for a user to remove information from the drive securely. Even when formatting a flash drive, the data is easily restored by a skilled person;
- It is difficult to control the use and transfer of drives between employees outside the office.
All these problems significantly increase the risks of sensitive information leakage. However, many organizations cannot opt-out of USB drives without compromising workflows.
5. Sharing files using public services
Most workflows involve an active information exchange. When working remotely, it is very convenient for employees to share files or archives. In most cases, they use email or multiple file exchange services. The information is not protected; it is very difficult to control access to such services. The risks of leakage of confidential information are significantly increased.
To solve such problems, a tool is needed to protect confidential information adequately, and to ensure reliable control of access to protected information. At the same time, such a tool should consider all nuances and specific threats arising “on the remote.” An additional requirement is that the products used must be easy to install, configure, and use.
Solutions to Survive Remote Work and Not to Lose Data
- Statistically, more than 80% of information security incidents happened because of weak or stolen passwords. Therefore, the introduction of two-factor authentication significantly increases the level of overall security. Also, it helps to reduce the risk of theft or password selection to almost zero. Multifactor authentication is required to ensure a proper level of security. Only multifactor authentication options can protect employees’ accounts from compromising their credentials, unauthorized access to important corporate information, and its misuse.
- System partition encryption will prevent the hacker from booting the computer without passing a mandatory two-factor authentication. Physical access to a disk with a system partition also does not increase risks because the information on it will be securely protected by encryption. At the same time, the security system for the authorized user does not impose any restrictions and is completely transparent.
- Encrypt folders and files to create a separate, secure area for storing and handling sensitive information. Only an authorized user will access this information. Other users, including the IT administrator, do not have access to encrypted information. Thus, the problem of separating work and personal areas on the home computer is solved without additional restrictions for other users.
- Control of the use of USB media, allowing to copy protected (therefore important/confidential) information, only for authorized users. When you copy, all information on the USB media will be encrypted, with the ability to read only by an authorized user and only on a specific workstation. This feature allows your organization not to opt-out of flash drives while providing strong information protection.