Protect Your Company: COVID-19, Work-From-Home and the Risks of Data Leakage

Our world is dramatically different now.

COVID-19 has us all on high alert, guarding the health and safety of ourselves, our families, friends and co-workers, as we change our behaviors to try to survive and move past this awful  pandemic.

For many professionals, learning to work almost entirely at home is a new experience.

In the home office environment, data security may not have the importance it does at the workplace. Unfortunately, with the explosion of home-to-office connections, the threats to data are compounded by working remotely from home instead of in the reasonably secure office environment.

Every point of connection to the internet is a point of vulnerability. When you increase those connections, you increase your vulnerability (and not in a good way).

What is data leakage, and how does working from home affect it? 

First of all, data leakage is any unauthorized transmission of an organization’s data to a person or destination not connected to that organization. Data leakage is a constant threat in the work-from-home revolution.

Most data leakage is the result of employee behavior. It’s usually an innocent error. For instance, an employee can mistakenly hit “reply all” in an email containing sensitive data unintended for recipients outside the organization.

The COVID-19 threat prompted a huge wave of new work from home (WFH) employees with limited experience in connecting remotely. At the same time, the organization’s IT support staff may be overwhelmed. Focusing on staying open and getting employees back to work may push security into a corner.

Data leakage is a risk no matter where the employee is working — at the office or at home — but the risk grows exponentially at home. Another resident of the house can use the employee’s laptop, sharing sensitive data (not always accidentally).

Ex-employees and unhappy workers also present a risk. As stress grows and some people are laid off or furloughed during the economic downturn that comes with this pandemic, there may be an unusually high number of disgruntled and formerly employed persons inclined to leak confidential information.

How can you increase cyber security and prevent data leakage? 

Having the right tech people in place (and consultants on speed dial) to deploy and maintain state-of-the-art WFH networks and protocols will make business life easier, but you should make it a top priority to train employees about good data security hygiene.

Basics of training employees include:

  • A communicated and enforced data security policy (“I didn’t know” should never be a reason for a data breach. It’s about impossibly long and complex passwords. Employees should be trained to spot phishing attempts and other threats of data leakage – and where and how to report potential incidents.
  • Basic training on social network scams and suspicious emails should be mandatory (and not just for WFH employees). Ideally employees should be tested randomly to see if they fall for phishing-style emails.

What does it take to minimize the risk of data leakage in the era of COVID-19 and the number of employees in WFH mode? Nothing fancy – it’s all about planning, execution and testing.

To learn more about how our assessment process can help you navigate through above risks, email me at seknoian@vanbeurden.com or give me a call at (559) 634-7127.

 

 

Sam Eknoian

seknoian@vanbeurden.com

Risk Management Consultant | Kingsburg