With data collected by the Office for National Statistics (ONS) indicating that almost 50 per cent of Great Britain’s workforce was working from home in mid-April, and with many organisations looking to consider permanent remote working models as the lockdown eases, the need to effectively manage a secure and compliant remote workforce is increasingly vital.
Yet, that mass migration to working from home has inevitably made achieving these goals more challenging. Of the 2,000 home-working British people surveyed in recent research by IT support company, ILUX, for example, one in ten believed that their expected working practices are not GDPR compliant.
But the issue is not just about GDPR, it is about compliance and security more generally and it is also about support. As James Tilbury, managing director at ILUX, puts it: “Asking employees to work from home and then not providing the right computer systems and security measures is a recipe for disaster. The last thing any business needs at this time is to lose valuable data, leave themselves open to cyber-attacks or phishing and leave themselves vulnerable to the unknown.”
In ensuring compliance, it is critically important that businesses provide their employees with the right computer systems and security measures. If possible, they should not be using their own personal devices for work purposes. However if they do, IT needs to be able to verify the readiness of these devices to be connected to the corporate network. If they are working on the organisation’s network through a secure VPN, their business will be able to secure all the endpoints on their network to ensure they’re patched and secured properly to mitigate the risk of a data breach. They can integrate the right security including anti-virus, anti-malware and back-up. They can ensure routine, reliable (and encrypted) backup and recovery as part of a complete layered security approach.
Remote solutions can also be key in ensuring security remains tight and in enforcing compliance. Dark web monitoring is one example. Keeping an eye on the Dark Web is prudent because it’s the most likely place for bad actors to get the illicit password lists, stolen logins, ransomware, and hacking software that are the tools of their trade. Reams of sensitive personal and business data are also available on the Dark Web to bolster phishing attacks.
That’s why dedicated Dark Web monitoring is a smart choice. A quality Dark Web monitoring service can quickly get experts to hunt through the Dark Web and discover if a company’s data or passwords are in circulation, enabling businesses to prevent a problem from becoming a catastrophe.
Compliance reporting remains key in this context also. Under GDPR, organisations are responsible for how they manage and protect the privacy of EU citizens’ user data (Article 5). Organisations need to ensure they choose backup, recovery and cloud software solutions that provide robust compliance reporting built into the user interface, including outage impact predictions and comprehensive data recoverability reports that are available in formats that can be shared with leadership or auditors.
Businesses should remember too that compliance should not just be imposed from the top. Working from home can be too comfortable sometimes. Relaxing the dress code can encourage workers to relax their standards, creating potentially expensive compliance disasters. Many industries have adopted strict compliance standards for the secure storage and transmission of sensitive data, with equally burdensome penalties for failure. Enforcing compliance can be a challenge when a company’s workforce isn’t centralised.
It is important that organisations don’t give staffers the opportunity to fail at compliance – and don’t give regulators a reason to come calling. Instead, they need to automate compliance as much as possible to make it easy for compliance specialists to ensure everyone is meeting the necessary standards. An automated compliance assistant can also have a key role to play in keeping up with the minutiae of changes to regulations so that no detail gets overlooked; making sure that everything is ship-shape and alerts staffers to potential issues quickly.
Becoming fully remote ready is not easy for any business of course. But in terms of becoming compliant and secure, there are several steps they can take to help streamline the process. Creating smart policies and backing them up with the right solutions will help businesses to rapidly mitigate risks to their systems and data and remain secure in this new remote working world.
Chief Strategy Officer
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.