Immediate Remote Workforce

This rapid transition to a remote workforce caused a surge in laptop sales [2], an upheaval in the video conferencing industry and major issues for those responsible for managing and protecting a corporation's data. Companies instituted secure VPNs to protect outside access to company data, but many employees downloaded and stored corporate data on their home computers. These home computers included assigned company laptops, but the vast majority of data was downloaded to employees' personal IT assets. Just like data at rest on mobile devices, data stored on home computers has become a nightmare [3] for Chief Data Officers (CDOs) and may prevent organizations from adhering to internal data security policies.

Data Security Concerns

Managing the security of data on employees' home computers is still the responsibility of the corporation. HIPAA and FISERV penalties will not be alleviated because a company had to institute a remote workforce. These penalties range from minor infractions requiring a warning to major data breaches that could cost a company millions of dollars in fines, legal fees and a loss of brand value. Companies recognized that data on employees' home computers can become vulnerable if any of the following issues occur:
- Employee sells or donates the computer without wiping the sensitive data.
- Hackers gain access to the home network and to the sensitive data.
- Employee allows others to use the device and the data is exposed.
- Data is saved to other systems that only the employee has access to.
- Data is mistakenly sent to outside parties.
- Employee family members allow others to have access to the computer.

Data Security Recommendations

These are a few of the issues that could make data vulnerable. We recommend that the data management team look closely at how data is managed by remote employees and identify additional ways that data can become accessible. Once this review is complete, organizations should institute guidelines on how an employee should handle and protect a company's data. The regulations could include the following and any additional guidelines recommended by the data management team:
- Limit/Forbid data of any kind to be stored on computers not owned by the organization.
- Require secure passwords on all home devices.
- Require the wipe of home IT assets (and proof of erasure) when the employee no longer works remotely.
- Require a secure password on all home wifi networks.
- Do not allow friends or visitors access to home wifi networks.
- Limit/Forbid anyone but the employee to access computers storing company data.