“The pandemic — and the reality of many employees working from home — has added a new level of complexity around data loss protection, regulatory compliance, and governance. Employees are working in less secure and controlled environments, often close to family members or roommates, and working more fluidly across multiple communication channels. Even the most well-intentioned professionals are likely to be more prone to potential compliance breaches.”
Clearly, the COVID-19 pandemic brought about a paradigm shift in the way, and more specifically in the place where, employees perform their work. Although there were expectations that after the end of the pandemic, workplace arrangements would get ‘back to normal’, few anticipated that the newly inaugurated, widespread remote-work arrangements would themselves become the new ‘normal’.
The post-pandemic reality is that today, just under 60% of employees who have the work-from-home option for part or all of their work have opted to do so, as opposed to just 23% of employees taking that option prior to the pandemic. A natural by-product of the remote work arrangement has been an increase in information shared via home networks and a blurring of the lines between personal and work devices and work environments. Sensitive business information has not only become more vulnerable but is, in fact, more often compromised. We will examine the increased data loss risk brought on by the newfound remote work arrangements.
BYOD and Risk
In some cases, the employer provides all of the hardware that an employee will need in order to work from home; but in other cases, the employer depends upon the employee to use his or her own equipment (‘Bring Your Own Device’), whether that means desktop computers, laptops, printers, or internet connectivity services and devices. Even where the employer supplies the employee’s computer, that still oftentimes leaves the weak link of an unsecured home Wi-Fi network as a serious data loss vulnerability.
Although IT managers at the workplace can usually stop scammers before the material reaches company computers through the installation of sophisticated firewalls and other protections, employees working at home are more likely to fall for innocent-looking social engineering scams, putting at risk not just their own family’s data but also that of their employer. In fact, in 2021, there was a 270% increase in ‘social engineering’ occurrences, including email phishing, phone call (vishing) and text (smishing) scams. Phishing attacks alone were up by over 50% that year.
Failure to Update
Data loss analysts have also determined that although workers onsite are more disciplined in adhering to strict security protocols, remote workers tend to be more lax about such safeguards. In addition, the employer likely keeps all apps updated so as to further protect against cybersecurity threats, whereas home workers infrequently respond to update notifications in a timely manner. Research has shown that 36% of remote workers delay installing software updates, and a mere 34% acknowledged that they properly adhere to company cybersecurity guidelines.
The combination of unsecured home networks and out-of-date software creates exposed gateways for cybercriminals to access personal and also company networks.
Who and What Are the Targets?
Research conducted by proxy server provider Proxyrack determined that the United States (perhaps not surprisingly) is the number one most-targeted country for data breaches, with an incident rate of 7,221,177 per million people. The U.S. is followed by the ‘Middle East’, with UAE and Saudi Arabia being the most targeted in that region, and Canada landing in the number three spot.
As to industries affected, the healthcare sector is far and away the most targeted industry, followed by the financial sector and then pharmaceuticals. Healthcare data breaches cost an average of $9.23 million, the highest figure among any industry surveyed, and in the financial sector, data breaches cost an average of $5.27 million. But beyond the adverse financial impact, data loss also results in reputational damage with loss of customer confidence and loyalty, thereby also hurting the compromised company in the marketplace.
So, in an era of increased remote work arrangements and the concomitant increased risk of data loss, is there anything an organization can do to eliminate or at least mitigate the loss? Experts point to several steps that, in combination, can greatly reduce data loss arising from remote work arrangements:
Data Governance: Implementing and enforcing data governance rules and protocols is essential to addressing cybersecurity weaknesses. Employees must be made aware of the company guidelines, and such measures as two-factor authentication and enhanced access permissions must be put in place.
Cybersecurity Training: Employees working from home need to be trained in ‘best practices’ regarding the handling of confidential data. Among those best practices is a regimen of regularly scheduled password changes.
Cloud Storage: Both stored data and data operations should be cloud-based as a means of maintaining a cybersecure infrastructure that is not dependent upon individual devices, whether employee-owned or company-owned.
Lastly, regardless of whether employees are onsite or working remotely, investment in the latest technology to protect against the latest threats cannot be overemphasized. Hackers, ransomware criminals, and other culprits have at their disposal the training and the tools to wreak havoc with your organization’s data. According to a 2022 study conducted by IBM and the Ponemon Institute, organizations with fully deployed security AI automation experienced an average data breach loss decrease of $2.90 million. The duration of the breach was also reduced: these organizations took an average of 184 days to identify a breach and 63 days to contain it, compared to 239 days and 85 days respectively for non-automated systems.
By implementing the most up-to-date technology and software solutions, businesses can continue to benefit from the remote work cost advantages without suffering the increased risk of data loss.
How has the increase in remote work arrangements impacted the risk of data loss?
The risk of data loss has increased dramatically as remote employees make use of less secure equipment and internet connections and thereby expose sensitive and confidential employer data to cybersecurity threats.
The Path Forward
Employing cybersecurity protocols for employees and investing in advanced cybersecurity technology for your organization’s systems, regardless of location, can reduce the risk of data loss.
If your organization does not already have sound data governance policies in place, they must be instituted at once before offering remote work options to employees.
Enforcement of Guidelines:
Employees must be fully trained in such matters as who can use computers that are connected to your organization’s system, and firm authentication protocols must be in place and enforced.
Aside from limiting who has access to sensitive information, even those with access granted must have two-factor authentication protocols in place, and change-of-password monitors must force regular updates.
Sensitive data should be stored on secure cloud servers and not on local devices, and certainly not on any employee-controlled device.