What is the data protection strategy for remote workers in your organisation?
Most organisations are using cloud services to manage their CRMs, email marketing, HR management and internal document storage systems. With remote working, employees are accessing these services online from home networks, the same home networks that their kids are downloading content and streaming on. They’re also likely to be using the same devices to work and conduct personal activities.
There is probably a strong feeling that it’s much harder to control the flow of data in and out of your organisation than it ever has been.
How do you make sure the data of customers, vendors, partners and clients is protected as it flows from your internal network to the cloud and then to the home networks of your employees?
Learn more about our top 9 tips on data protection now.
Data Protection Tip 1 - Single Sign-On
One helpful security tool is Single Sign-On or SSO. SSO allows your employees to log in to multiple different cloud services using a single set of credentials. Simply put, this means that there is only one set of credentials for employees to remember.
This reduces the risk of employees keeping passwords on post-it notes or in notebooks, or creating very easy-to-remember passwords, which translates as easy to hack!
Data Protection Tip 2 - Multi-Factor Authentication
Multi-factor authentication or MFA can be paired with SSO to create an additional layer of security. If passwords are cracked or exploited by hackers, there is still an additional factor, like a fingerprint, a smart card or an SMS code.
Data Protection Tip 3 - Email Gateways
SSO and MFA help when employees are accessing and downloading data from the cloud, but they don’t protect the data if it’s travelling from server to server via email. So, what needs to be done here?
Email security gateways can sit on top of existing email solutions such as Outlook and act as a barrier to check incoming and outgoing mail. Incoming mail is checked for phishing, domains and spoofing; outgoing mail is checked for sensitive data and compliance.
Data Protection Tip 4 - Bring Your Own Device
Organisations of all sizes should make sure that employees are not using personal devices to work. It can be costly for a young business, but it’s certainly a worthy investment to avoid the larger regulatory fines and huge reputational damage that can come from a data breach.
A great advantage of having internal devices is that you can configure them and manage them through your internal network.
Data Protection Tip 5 - Security Awareness Training
Just because employees are working from home doesn’t mean that training has to stop.
Organisations should be conducting regular training sessions to remind employees of the correct procedures when handling data and ensure they’re aware of the consequences for the organisation if data is breached or mishandled.
Data Protection Tip 6 - Phishing Simulation
Good training can be married to phishing simulation software.
The software sends fake phishing emails to employees so you can monitor how well your training is doing and flag up any employees who are repeat offenders and might need retraining.
Data Protection Tip 7 - Proxies and VPNs
For enhanced security, some organisations may wish to reroute internet traffic from employee devices to the internal network using a Virtual Private Network (VPN) or a proxy server. There are still potential security issues with this and so it should be backed up with good privileged access management and email security too. It’s not a silver bullet!
Data Protection Tip 8 - Physical Security
Have you forgotten about your office? If all your employees are working from home, who is taking care of your server?
An organisation should have a clear idea of who is responsible for server and network management as well as ensuring that they have the right physical protections in place to be aware if there is any unwanted physical access to their networks. Don’t let this oversight be your downfall.
Data Protection Tip 9 - A Rounded Approach
Cultural changes need to happen from the top down, so if you’re a C-Suite executive reading this, the buck stops with you!
C-Level execs need to be at the forefront of best security practices and remote work if they want to make it work well with their employees. There should be a clear strategy for change with clear rules laid out to employees. If the rules are clear and employees break them, managers can deal with the repercussions, but if rules aren’t clear and the training isn’t there to back them up, then blame for employee mistakes lies only with those who failed to sufficiently train them.
How Pie Security Can Help Improve Your Data Protection Strategy
We’ve laid out some clear strategies here to get started and while they do require investment, they will certainly impact your bottom line in the long run.
Still don't know where to start after reading our blog post? We are here to help!
Pie Security's no-risk email encryption solution works with any SMTP-compliant email system, including Microsoft Exchange, Google G Suite email and Office 365.
Find out how our solutions can help now.