What happens to work when a global pandemic hits? We found out in 2020. It’s now May 2021 and while it remains to be seen how far the pendulum of remote vs in-office work will swing back, it’s hard to imagine remote work not being a part of how every business operates in the future. The shift to remote changes the nature of work, including:
Communications, a key feature of every employee workflow tool, is an underappreciated source of data breaches and security incidents. And the more workflow tools that are used for communications vs in-person interactions, the more risk there is. Employees are sharing more data (log files, contact lists, etc) for various purposes. Some of this data is sensitive as it is personal and covered under regulations like GDPR and CCPA. Some of this data may contain secrets - keys, passwords, IP addresses, etc.
At the very least, employees should understand the types of data they can share in the different workflow tools that they use. And how the permissions of those tools (channel and document access controls) affect the data they can share.
Support and Oversight of Employees
As work has shifted to remote, employees are operating more independently. Work is enabled by modern communications and workflow apps as discussed above. And employees are able to use those apps largely independently to complete their daily tasks. There are still ways to work collaboratively, but more and more work is done solo in a remote environment, with checkpoints between tasks lengthened and actual interactions shortened.
Employees need more regular touch points on security and privacy practices in a remote world. These can be shorter form content that takes less time to complete but should be delivered on a regular cadence. Additionally, more real world testing, typically in the form of simulated social engineering attacks targeting workflow tools, is important.
Employee Interactions with Data
Employees, working from home or an Airbnb or a coffee shop, are the new perimeter of corporate networks. These employees are connecting to company data using apps over a myriad of network connections. The only commonality is that the employee is the endpoint. Securing those employee connections is yet another challenge for remote employees to solve.
Employees need training on best practices for unknown or public network connections, securing mobile apps, securely storing passwords, and using VPNs. These are all areas where employees should get consistent training.
Remote Changes Everything
The most challenging aspect about securing your workforce when it’s remote is ensuring that your remote workers are in the right mindset to protect data. Having a security mindset is challenging in the office but it’s a lot harder at home or in a coffee shop. Continual, security and privacy related touchpoints help. Some topic ideas for these touchpoints are below.