A New Paradigm Employee Safety should not compromise data security

A New Paradigm Employee Safety should not compromise data security

As work from home becomes the new normal, organizations are rushing to keep up with data privacy and compliance regulations. This is the first post in a three-part series about how HDLP (Host Data Loss Prevention) can help your organization for remote working employees.

Employee Safety should not compromise data security

The healthcare crisis has made remote work the new normal for almost all organizations around the world. While work-from-home is not new to the software sector, having the entire organization to do so is unprecedented. Work from home security is still not as robust as it should be. Imagine the security requirements for organizations that prioritize data security and compliance for their clients and have hundreds of controls in place even while employees are working within the office network that is equipped with their own firewalls and other security measures.

The crisis that has been unfolding in front of us requires social distancing and isolation which has necessitated employees work remotely from their homes. Organizations are placing employee health as a priority so they can work from home. But this means weaker security for data that would normally be secure within the organizational environment. Employees are connecting, collaborating, and chatting in new ways to maintain productivity and business continuity even in the face of such challenges. Though commendable, we do have to prioritize work from home security.

There is a complete lockdown in many countries, which may be extended as necessary in the future too. The uncomfortable but a true fact is that most organizations will not be prepared for their endpoints security with regards to data protection, data integrity and data compliance regulations.

There are additional risks that can aggravated in these trying times such as:

  • Data theft by a disgruntled employee
  • Data breach by a long term employee
  • Sensitive corporate data shared on public domain
  • Sensitive corporate data shared with third parties

It is not just a question of trust with employees but also ensuring that client data entrusted to your organization is uncompromised for any reasons such as data leakages, IP theft, or even data harassment.

What is Data Loss Prevention (DLP) and Host-DLP?

Data Loss Prevention (DLP) solutions are designed to eliminate the risk of sensitive information leaving the organization. DLP protects data use, data in motion on your employee network, and also data at rest in the data storage devices such as office laptops, mobile phones, and tablets. DLP monitors all the data to protect it through thorough inspection and a contextual security analysis to ensure complete compliance with organizational data security policies. DLP identifies business critical data that is confidential and recognizes any violation of organizational and regulatory policies. It provides a centralized framework to not only prevent unauthorized use and transmission of your sensitive client data by external threats but also against inadvertent employee mistakes that can put your organization at risk. Host Data Loss Prevention is the use of tools to stop intentional and unintentional removal of organizational data by employees or third parties through host systems. Work from home security can be compromised in any of the following ways:

  • Employees sharing data via their personal email
  • Employees sharing data via their personal drives like Google Drive and Dropbox
  • Employees performing data transfers through SSH, FTP and RDP outside the organization’s purview
  • Employees storing the confidential data such as customer details on USB drives
  • Employees sharing the information like access credentials with third parties with malicious intents
  • Employees deleting the data by accident
  • Employees storing the details via Screenshots
  • Employees sharing the details with third parties like freelancers and agencies without understanding security implications
  • Employees giving their mail access to third party platform (like OAuth Logins)
  • Employees using social media to share information with other parties

Whether intentionally or inadvertently, any of the above scenarios can have serious implications for your organizational security and reputation. That is why, in the context of work from home security, it is imperative for organizations to have Zero Trust policy.

Work from Home Security Essentials

Most organizations have sensitive data that should never leave the organization. But their data protection strategies are mainly focused on organizational network level, further enforced by preventing employees from accessing data outside their strictly regulated environment.

The truth is that most organizations are not prepared for all their employees working remotely. This has been the most efficient way to handle cybersecurity for data-sensitive organizations to ensure zero compromise. But this data is at serious risk in the chaos of adopting new procedures and policies on the go.

Employees across all levels are logging into company sites, participating in online meetings, and interacting with sensitive computer data through their home networks and mobile phones. Away from the scrutiny of the office network, employees may use new software to make it easy to work that may not be authorized. Moreover, malintent too is always a threat in organizations of any size. Here are some of the types of data categories that can be leaked by or through employees:

Corporate Data

Transaction Data

Customer Data

Personally Identifiable Data

Price/ cost lists

Bank payments

Customer list

Full name

Target customer lists

B2B orders

Spending habits

Birthday, birthplace

New designs

Vendor data

Contact details

Biometric data

Source code

Sales volume

User preferences

Genetic information

Formulae

Purchase power

Product customer profile

Credit card numbers

 

Process advantages

Revenue potential

Payment status

National Identification/ passport numbers

Pending patents

Sales projections

Contact history

Driver’s license number, vehicle registration number

Intellectual property

Discount ratios

Account balances

Associated demographics

Unreleased merger/ acquisition plans and financial reports

 

Purchase/ transaction history

Preferences

Legal documents

 

Payment/ contract terms

 

Employee personal data

 

 

 

In the next post, we shall examine the right approaches to addressing these work from home security issues.

Here’s how to face those challenges successfully

author
imran
Imran Iraqi

Principle Technology Advisor - Cloud, Cloud4C

A Futuristic leader in Cyber Security & Enterprise Architecture Strategy with zeal for creating new business initiatives to rewrite the rules of the game. He has been instrumental in industrializing cloud base vertical specific solution models for highly regulated environments with focused on privacy required in Financial services. Imran has championed the cause for cloud adoption and has been a key influencer to address the myths and de-risk the roadblocks in client transformation journey. Imran introduced Zero Friction Transformation Services for industries to tide the waves with a frictionless experience address Strategy-to-Operations. Cyber Defense and Resiliency are his favorite subjects and has been representing various industry bodies and forums as part of his professional commitment.

You can reach him at https://www.linkedin.com/in/imran-iraqi-cisa-cism-crisc-cdcp-3633078/

  • 2061