Protecting data in the remote work era

Protecting data in the remote work era

Companies can no longer rely on the security strategies that were designed for in-office working.

Here’s a 9-point plan from SaaS specialist Indusface for keeping company data safe as remote roles rise.

New research suggests that by 2025, 32.6 million Americans alone will be working remotely, equating to approximately 22% of the workforce.

But with such a significant increase in remote roles, how can employers ensure their data remains protected?

The experts at application security SaaS company Indusface have provided their specialist insight to help employers ensure their data remains safe with the increase in remote roles.

Nine ways to protect company data in remote roles

1. Provide company devices

Though it might seem obvious, providing company laptops and phones where possible allows a business to fully manage and secure the devices being used to access company data. Moreover, it is highly recommended that all your devices be updated and encrypted with SSL certificates.

If it is not possible to provide employees with devices, at the very least employers should ensure that workers have access to everything they need to secure their own devices, such as company-provided anti malware software.

2. Scan and penetration test applications

Penetration testing is one of the best ways to protect against data breaches as it simulates real-world attacks on systems, highlighting vulnerabilities that could otherwise be exploited by hackers.

It is especially critical to check for privilege escalation attacks, whereby an attacker will exploit vulnerabilities to access a system or application with limited privileges and then elevate their access rights to access high-level, sensitive data.

Building defences against these attacks will ensure that even when a remote employee’s credentials are compromised, the access to critical applications is limited to the user’s primary role.

3. Utilise VPNs across the business

With data breaches costing businesses an average of $4.45 million in 2023, it is vital to invest in tools that can cover vulnerabilities.

As a defence against the risks that come with employees accessing work materials via unsafe home and public networks, all workers should be encouraged to use a virtual private network (VPN). This software is easy to implement and protects data that could otherwise be vulnerable to attacks over an open network.

4. Deploy a web application firewall

Alongside using a VPN to protect your connection and traffic, it is prudent to utilise a Web Application Firewall (WAF) to protect web applications from attacks.

Employers should deploy an AI/ML based WAF that detects anomalies and blocks illegitimate requests even if they are made through an employee’s credentials that were compromised.

5. Employ encryption software

Encryption software can provide some peace of mind when it comes to the data breach risks of remote working.

Employers should create security policies that ensure all workers, especially remote workers, are aware of how to encrypt files and when it is necessary – with checks to ensure compliance.

6. Strict password management

Ensuring strong password management across the business is a key component in minimising the risk of data breaches.

This includes using automatic password generators to create safe and secure passwords and ensuring passwords are unique – not duplicated across multiple accounts. For sensitive data, employees should always implement multi-factor authentication (MFA).

7. Rigorous access controls

To control access to sensitive data and minimise the risk of a security breach, employers should apply the principle of least privilege over access control – only allowing users access to the specific assets that they require for their work.

Files should be removed when they are no longer needed and access should be revoked as soon as it is no longer necessary.

8. Provide employees with what they need

A major risk of remote working is that employees may implement tools, systems or habits that are not sanctioned by the company to make their jobs easier. This could include using risky apps and tools, sending files via unsecure channels, or storing assets somewhere unprotected.

The most effective way to avoid this risk is to provide remote workers with all the tools they may need to do their job effectively and ensure that they are aware of all the approved platforms that they have access to.

It should be an integral part of security policies to approve web app purchases and free downloads, mitigating the risks that come with using a combination of open-source CMS and cloud-based apps.

9. Fully prepare and train remote workers

Employees can implement endless security strategies, but efforts will be futile unless remote workers fully understand what the procedures are and why they are important.

In 2023, over 352 million individuals were affected by data compromises, highlighting just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they don’t.

And training doesn’t have to be dull, for example setting up phishing email simulators to engage the team and allow them to see the potential dangers in action.

Regular training and guidance will ensure that remote workers are equipped to do everything they can to keep company data safe.

Venky Sundar, Founder and President of Indusface, said: “Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. Many remote workers are using the same device for professional and personal use or even accessing company data on devices shared with other household members.

“Employers can no longer rely on the security strategies that were designed for in-office working; data is no longer just being accessed under one office roof where IT can supervise.

“It is crucial that employers prepare for this new way of working and protect themselves from vulnerabilities. Defences such as firewalls, pen testing and VPNs are more critical than ever.”

Browse our latest issue

Intelligent CIO North America

View Magazine Archive