fbpx

Many companies are rethinking their long-term work from home strategies. Photo by Sergei Wing on unsplash.com.

With the work-from-home trend that exploded as a result of COVID-19, cybersecurity has become a more concerning issue than ever. Previously regulated technology that was secure in the workplace has found its way into unknown realms. When tech containing proprietary or sensitive data “goes home,” it’s challenging to monitor exactly where those remote employees are using their hardware and how they secure it when they log off. This has opened up an entirely new channel for cybersecurity issues and increases the risk of hardware theft or misplacement.

Now that we are entering our third year of a pandemic, many companies are re-thinking their long-term work from home policies. Some companies have even told employees they can work from home indefinitely. But sometimes the emergency measures that originally allowed employees to work from home during a “temporary crisis” aren’t feasible long term.

For those companies that now realize their workforce is going to look different permanently, it may be time to plan for having longer term technology initiatives that allow remote work while still maintaining control, security and confidentiality over your infrastructure. Here are some suggestions to help businesses accomplish that.

Asset inventory
One of the fundamentals of managing your security is maintaining a clear and up-to-date inventory of all of your company’s assets. This can be surprisingly challenging, especially when your company is older, has infrastructure in multiple locations or has a workforce over 100 people. 

During the pandemic, many companies relaxed rules around using personal devices for work functions. Security is often compromised by this practice, because it makes it more difficult for companies to know the full extent of their “endpoints” and can leave these computers invisible to teams that should be monitoring them for issues. 

In the future, companies should take a proactive approach to their hardware policies, ensuring employees receive company-issued computers with the appropriate security controls available. For any devices subject to a Bring Your Own Device (BYOD) policy, companies should also revisit these rules, with a focus on whether they can have tools in place that protect sensitive data on a much wider and more varied group of endpoints. 

Data handling
Employees with access to sensitive data have more to worry about when they work from home. Network and hardware security controls that diligent security teams put in place for an office building aren’t there as a buffer against some common threats. 

Companies will need to rethink how they accurately classify their riskiest assets – in terms of intellectual property, access and the level of privilege the employee handling the data needs to have. For instance, for more sensitive types of data, companies may want to ensure they have the ability to wipe systems of data remotely if an employee’s machine is ever lost or stolen. 

Asset disposal
Companies that are moving out of significant real estate locations will have a lot of hardware to dispose of. As we saw last week, regulators will fine companies that allow data leaks during these large-scale tech shifts, and litigators will also be watching for mistakes companies make on disposing hardware. 

Make sure that you have a solid plan for getting unused assets disposed of properly, as well as a way to make use of existing hardware in a way that can save money.

For some additional tips on creating an asset inventory and taking better control of your technology assets, the Cybersecurity and Infrastructure Agency has additional resources for businesses of all sizes at cisa.gov.


 

Kate Fazzini is CEO of Flore Albo LLC, an adjunct professor of cybersecurity at Georgetown University, author of Kingdom of Lies: Unnerving Adventures in the World of Cybercrime and has served as a cybersecurity reporter for The Wall Street Journal and CNBC.

John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company. Business Journal readers can visit eridirect.com/insecurity-of-everything-book/ to receive a free copy of John’s new book, The Insecurity of Everything.

 

 


e-Newsletter Signup

Our Weekly Poll

Do you think Valley Children's Hospital will lose financial support due to CEO pay revelations?
119 votes

Central Valley Biz Blogs

. . .