Adjusting Data Security with the New Remote Workforce
The ongoing COVID-19 pandemic has changed nearly every aspect of our lives—some more in the short-term and others, permanently. This includes the workforce, which now functions in any combination of in-person, hybrid, and remote. While some companies already had a system in place to support employees both remotely and in the office, others had to scramble to set those systems up in a matter of days.
The Great Remote Switch
When communities started mandating quarantines in March of 2020, organizations had to act quickly to ensure the solvency of their businesses and the economy in general. In many cases, this meant closing offices and implementing a widespread remote worker philosophy and system.
To do this, organizations used a combination of VPNs, antivirus, antimalware, and other security products, as well as the definition and documentation of security and usage policies. These proved largely effective in supporting the continuity of operations and productivity; however, most of these policies and procedures were not constructed with the notion of permanency in mind.
As restrictions were gradually lifted and offices re-opened, the profile of the workforce has dramatically changed, likely forever. Many individuals remained remote or have adopted a hybrid work schedule (a mix of in-office and at-home days). Therefore, it’s good practice to evaluate whether the policies created to address the pandemic-based office closures are sufficient and effective to support a sizeable, permanent remote workforce.
Protecting Data Beyond Office Networks
Sharing sensitive information with external parties, like partners and third-party vendors, has always been a riskier proposition than managing sensitive data usage internally within the confines of offices and core networks. Many organizations maintain stricter policies for the protection of data that leaves their network, often implementing technologies like encryption, redaction, and secure email services to enforce data security.
Considering the post-COVID remote worker dynamic, organizations now recognize that much of the access and use of sensitive information previously designated as internal is now technically external. Employees located outside the core network routinely access, download, and store sensitive data on workstations as a part of traditional productivity workflows. With sensitive data now residing in many locations outside of the core network, it’s reasonable to consider protecting that data in the same way as the sensitive data that leaves the organization’s network.
Building An Arsenal of Protection
Encryption can be very useful when protecting data in motion as it moves from your network and servers to user workstations. Providing automated protection in transit and at rest when it hits the user’s desktop is essential, ensuring only designated users can access the information.
Alternatively, redaction can be used to remove the sensitive data directly from the files themselves, while maintaining the context of the surrounding information. Automatically identifying sensitive information and redacting it desensitizes the files and as a result, removes the burden of protecting sensitive information because it is no longer sensitive.
Furthermore, data protection can also be applied to the workflow processes of sharing information inside and outside of the organization. Email still dominates as the most common method used to share information among coworkers and partners because of its simplicity and ubiquity across organizations. Using encryption and redaction within email can provide an added layer of protection by identifying the existence of sensitive data in subjects, message bodies, and/or attachments—and when found, applying encryption or redaction tools to safeguard the data before it leaves the user’s outbox.
Adding PKWARE to the Workforce
Regardless of which method of protection best suits a particular organization or their desired user workflows, the post-COVID remote workforce reality we live in has changed the dynamic of accessing and using sensitive data. With that comes the strange realization that sensitive data used and shared internally is now subject to greater risk, because internal communications are now truly external.
Ready to start building data security that protects your business in a post-COVID world? PKWARE’s PK Protect data discovery and protection suite is purpose built to protect your data wherever it lives and moves. Discovery can be programmed to run automatically so you’re always aware of what data you have where across the enterprise, whether users are sitting at desks or in coffee shops. Encryption and redaction tools protect data in motion or at rest, and can be tailored to meet any business’ specific needs. PK Protect works in the background, without disruption to your workforce, finding and protecting information designated as sensitive, such as credit card numbers and personally identifiable information (PII), whether it exists on endpoints or large data repositories.