The pandemic cannot be the sole reason for increased remote work for the past decade; organizations have allowed employees to work remotely, given the fact that work delivery has not been affected
More employees were provided with optional remote work more applicable in their organization, in the last few months than ever before. The pandemic forced a sudden shift of the entire workforce to the remote set up to ensure uninterrupted productivity.
The businesses that previously had remote work policies were at an advantage compared to enterprises that had resisted the idea and were at an increased risk of compliance and data security.
Unintentional data exposure by employees puts the entire enterprise at risk for a data breach; and the second-highest risk is misplaced devices.
Risks greater than the remote work environment
CIOs agree that many organizations have already started shifting back to on-premise, yet many are still considering if WFH will become a more acceptable permanent proposition. Remote work does increase the risks relevant to data protection; due to relaxed security measures from employees during WFH or the rising risk of external security attacks.
Even with all security measures, the event of sensitive data leaving the corporate network is open for a potential security breach.
CIOs say that employees are often tempted to use personal systems for official work during remote work. Organizations have increased the need for video conferencing software or document sharing tools. Enterprises must take responsibility for securing data, even before it is exposed to risk by employees.
Securing the data
Security leaders point out that even when employees are working remotely, GDPR has clear guidelines for data encryption. Every organization is required to comply with Article 32 and Article 34.
The latter is meant to reduce the impact on an enterprise that comes under a security breach; thus, it makes obsolete the requirement to inform each individual affected if the data is encrypted and unintelligible.
GDPR also allows reduced fines where the enterprise has taken responsibility and prevents any damage inflicted on data subjects. Enterprises can defend themselves in an attack where they will be capable of displaying the encryption protection practices.
CIOs say that enterprises have increased the use of endpoint and encryption control. Most organizations now require mandatory encryption of all data held on the removable media. Organizations with more sensitive data are pushing for complete encryption of all data as standard.
Security leaders acknowledge the value of encryption; however, it is an ongoing practice and needs to encompass all devices. This is important as a high volume of data is now shifting beyond the corporate framework.
The significant value of encrypting data
CIOs say that hardware encryption offers higher security as compared to software encryption. Additional protection is provided by hardware encrypted, and PIN pad authenticated USB storage devices.
Security leaders believe that removable storage devices with in-built hardware encryption can be rolled out by the enterprise across the entire workforce. It will ensure that all data is stored and transferred around offline quite safely. Even if the device is stolen or lost, the data will not be understandable to someone not authorized to have access.
CIOs believe that organizations need to identify and analyze the data to be protected. Understand where the data is stored and the mode of transport; it is important to ensure that it is encrypted at all points of its lifecycle.