Data security considerations for the future of remote work

When employees around the globe transitioned to working from home in 2020, many organizations had to put solutions in place quickly that kept them connected to the business, their customers and one another. But, due to the rate at which they were forced to adapt, there were difficult trade-offs that had to be made in the short-term to accommodate immediate business needs. Perhaps most notably, cybersecurity was oftentimes deprioritized in favor of expediency.

In the early days of the COVID-19 pandemic, nobody knew how long the situation and its impacts were going to last. The trend was for organizations to disproportionately focus on risk mitigation and stop-gaps to retain business continuity. Oftentimes, companies resorted to unencrypted videoconferencing technologies, employees used personal devices with unsecured logins and unapproved apps and file-sharing tools, and risk policies were relaxed or ignored under the extenuating circumstances.

Two-years later, the effects and consequences of these actions and decisions are increasingly coming to light. And, with remote workforces having become a long-term reality for many, it’s critical for organizations to develop better solutions for data security.

The ultimate stress test

According to a CNBC survey, more than half of IT execs had never stress-tested their cybersecurity infrastructure prior to COVID-19. At the same time, cyberattacks, phishing attempts and scams are “growing dramatically” — especially amongst organizations where secure networks aren’t already in place.

TELUS Digital had been building out the company’s infrastructure to accommodate a remote workforce well before the pandemic and was able to quickly pivot its global team to work from home using secure devices and networks. But the reality is that not every organization was set up to do the same. And there’s only so much a company can control, technology-wise, when team members are working from home. A study by Trend Micro of more than 13,000 remote employees across 27 countries found nearly four-in-ten used personal devices to access corporate data, often via services and applications hosted in the cloud.

Bring-your-own-device (BYOD) strategies, if not thoughtfully implemented, can present tremendous risk to all parties involved because they create new vulnerabilities that hackers can use to gain access to corporate data. Any company that implemented BYOD as a knee-jerk reaction to COVID-19 inherently accepted its risk, which if it hasn’t already, may still lead to negative impacts.

The good news: Organizations have an opportunity to rebuild their remote work model in a way that protects all parties involved going forward.

A ‘human firewall’

Thinking long-term means prioritizing a cybersecurity reassessment. Companies should start by identifying the gaps in their security protocols and structures, and catalog temporary solutions that were put in place.

Now more than ever, it’s important to recognize that your team members need to be your greatest ‘human’ firewall. That means doubling down on security awareness training and keeping them informed about evolving threats. Don’t forget, they’re the frontline and the best line of defense.

One effective tactic is to run phishing simulations to measure at-home performance versus in-office performance, and use that as a teachable moment to talk about what could have happened. Educating your “human firewall” on the threats is the first step in building out a longstanding blueprint for secure remote work.

Protecting the network

Setting out an extensive cybersecurity policy for remote work that identifies BYOD best practices is a vital part of long-term planning. You need to ask: Is your virtual network protected? Do you know what remote team members have access to?

A sensible way to think of BYOD is when the secure computing environment never extends to the home. Therefore, if the home has viruses or an insecure connection, the data stream and the data access is all insulated and protected from that.

And finally, know when to let go; take a step back and look at all the tools you have and what can be outsourced. Companies looking for help can move beyond mitigation to the transfer of risk. Whether outsourcing comes in the form of public or private cloud technology, or a hybrid of both, transferring that risk means transferring your cybersecurity obligations to a well-regarded and respected partner.

A new opportunity

Remote work isn’t a new concept; some organizations have slowly been incorporating aspects of it into their operations for a while. COVID-19 merely accelerated its more widespread adoption. This point in time is a key opportunity to demonstrate that remote work can be secure with the proper planning, implementation, technology and expertise.