In a world that has been thrust into working from home, the cybersecurity risks that arise consequently seem to be limitless. According to the 2020 Cost of a Data Breach report by the Ponemon Institute, 76% of respondents whose organizations have shifted to remote work expect that working from home could increase the time it takes to identify and contain a data breach. In addition, 70% of respondents expect remote working to also increase the cost of a data breach. Maintaining data security has become more challenging than ever.
In our previous blog, 7 tips to keep your data secure when working remotely, we discussed how employees can keep their data secure while working from home. Now, let us talk about how organizations can secure data and help their remote workers do the same.
There are four key items for employers to keep in mind:
1. Cybersecurity policy
This should be a no brainer for any organization that wants to take data security seriously. A cybersecurity policy is a must - not only will it act as a guideline for employees, but it will also set rules that will help the company keep tabs on how its data is being handled. The policy should be drafted to fit the remote working regime, and should include things like regular password updates, compulsory encryption of all communications and confidential documents, guidelines on using laptops for office work, and so on.2. Security awareness and training
This is an area that companies should not skimp out on. It is better to spend some time and resources in such programs rather than facing the consequences of a simple mishap, like an employee answering a mail he’s not supposed to. According to an article on Forbes, these are the 3 concerns and hazards of remote work: home WiFi security, phishing scams, and insecure passwords. Furthermore, these are the four signs of a cyber breach that employees should look out for: the appearance of new programs that were not installed, slowing down of the computer, appearance of strange pop-ups on the screen, and the loss of control of the mouse or keyboard. With the help of a security awareness and training program, employees can be more aware of the various security incidents that can occur and how to deal with them appropriately.
3. 24/7 support team
Despite having a cybersecurity policy and regular security awareness and training programs, employees are still susceptible to cybersecurity incidents.
During the height of the Coronavirus pandemic in April this year, cybersecurity company Tessian surveyed 1000 workers in the UK and 1000 workers in the US to compile its ‘Psychology of Human Error’ report, which reveals how stress and distraction led to people making mistakes at work. The report exposes a worrying statistic, where nearly half of the employees (43%) say they are “very” or “pretty” certain they have made a mistake at work that had security repercussions for themselves or their company. Mistakes can cause significant damage to a company’s reputation, bottom line, and future. In fact, 88% of data breaches are caused by human error. That’s why we often hear that humans are the “weakest link” in security. But, this is not the case. People are an organization’s most important asset, and businesses must find ways to protect them, while enabling them to work securely. Hence, an IT support team that is available around the clock is a necessity, especially now.
4. Data security technology
The last and the most essential item on the list is implementing the right technology to secure data. People and processes are not enough – technology-enabled data security measures like data discovery, data masking, data minimization, and data monitoring are a cornerstone to a robust IT infrastructure.
Remote work brings a shift in responsibility towards employees to protect data. Therefore, employers need to pull out all stops to facilitate their workers to follow best practices when it comes to data protection.
The MENTIS platform comprises a comprehensive solution that protects sensitive data along its lifecycle in the customer’s systems - providing capabilities from sensitive data discovery, masking, and monitoring to data retirement. Engineered with unique, scalable architecture and built-in separation of duties, it delivers comprehensive, consistent, and reliable data and application security across various data sources (mainframe, relational databases, unstructured data, big data, on-premise, and cloud).