When the COVID-19 pandemic made “business as usual” impossible, many businesses and organizations were caught unprepared. The companies that previously migrated their services to the cloud or had most (if not all) of their employees working remotely may have experienced some disruption. Still, many of their non-cloud-based counterparts suffered a few transitional tidal waves.
Most of these organizations did not have a protocol in place for how to address remote data access for the times we now know as “uncertain.” The lack of a plan is compounded by the fact that too many organizational leaders did not think through what was necessary for data access. Likewise, many didn’t consider how outdated or inappropriate license agreements could impact them or how to protect the information generated by the remote employees. Learning how to manage the risks associated with remote work is crucial, especially during a pandemic.
With that in mind, let’s take a deeper dive into three primary issues that can affect how organizations provide secure resources and manage data access across remote and dispersed teams. First, though, let’s look at managing organizational risk.
There’s an art to the science of working remotely. Remote work can represent a complete overhaul of the way business is traditionally done within your organization. While the shift to remote work is littered with potential changes, one thing is inherently essential: protecting your resources’ security, specifically your (and your clients’) data. It’s always important to consider the following:
Lack of security policy + lack of technical controls + actions of remote employees = risk
Keeping data safe, especially while your team is remote, requires a combination of education, technical solutions, diligence, and proper protocols to ensure employee access and operational integrity.
While service departments can quickly identify how many of their software and application licenses are current on devices managed in-office, the use of personal technology in the home for work-related purposes is not so easy to track. It is vital to limit risk to the organization in terms of licensing and security.
If you’re using unlicensed software or violating a software licensing agreement — even if your remote employees download or use unauthorized software to complete their work — your business is at risk. The impact of a licensing violation lawsuit on a small, underinsured business can be devastating.
According to the Business Software Alliance, as much as one-fifth of all software in use today is pirated. That number is lower at large enterprises, which, for several reasons, tend to use unlicensed software less often than small businesses. These larger enterprises buy far more software licenses, which means they can negotiate bulk-priced deals with software makers. Regardless of your organization’s size, it’s smart to invest in procedures and systems to monitor software usage and make corrections and changes to any issues that you identify.
Too often, executives and managers think IT takes care of everything in cybersecurity, but this isn’t the case. IT provides employees the parameters for navigating cybersecurity. There’s a certain level of self-governance required on the part of those participating in the organization. Employees are one of the greatest threats to the security of your data and resources within the organization. Thus, they must receive regular training and stay informed on any updates to security policies. Frequent communication with them is essential.
Besides training, tools on every device, including antivirus software, are necessary. Requiring a VPN is essential and standard practice. Next, prioritize version control and updates to the VPN, as those who use a VPN are likely using an outdated version. The VPN should be used on both personal and work devices.
Ultimately, your organization must ensure that the only people who have access to your data are those you want to have access. One of the most durable and efficient ways to accomplish this goal is requiring everyone in the organization to use a password manager and multifactor authentication (MFA).
It’s a well-known fact that people use the same password across multiple devices and programs. Multifactor authentication establishes a user’s identity by first mandating a username and password. Then, to obtain access to the data, the authentication process requires another piece of information, such as a code that is sent to the user’s mobile phone or an answer to a question only the individual knows the answer to.
The benefits of MFA are many. However, the protection against hacked credentials is most significant. If someone with malicious intent acquired your credentials, they would still need the code or extra verification step to access the data or resources.
Very little of what is discussed here boosts your bottom line or improves your quarterly results. However, when the above factors are weighed against the health of the organization and the integrity of its data, these tips and tactics are time well spent and worth taking. Consider these efforts preventative; the costs of data breaches or compliance violations are far too severe to take a lax stance.
IT leadership may need to lead these efforts, as business or operations-side leaders might be too used to “letting IT handle it” — especially if necessary purchases and process adjustments are left unfinished.
When undertaking these efforts, it is also critical that new processes and solutions are designed with both the short term and the long term in mind. Focusing only on a Band-Aid for now requires a lot of resources and still risks similar problems in the future with the next surprise.
Done right, addressing COVID-19’s challenges offers an opportunity to improve your standard processes, security, and operations for greater efficiency and better preparation for future surprises.