by Ian Pitt, Chief Information Officer, LogMeIn
Today we celebrate Data Privacy Day, a global effort to generate awareness around the importance of privacy. The motto for this year, “Own Your Privacy,” hits close to home. From nearly a full year of remote work and the exponential increase in online activity, to threat actors leveraging COVID-19 scams and more data breaches than ever, we have to look at privacy under a magnifying glass and really dig into the steps we can take to keep data secured – for our organizations and ourselves.
The transition to remote work last year showcased how prepared, or unprepared, companies were to step into a fully remote workforce. In fact, 82% of IT teams felt they were somewhat or very prepared for this transition. However, that shift opened the door for other security, technical, and productivity challenges as managing the ‘home office’ required more time and resources than anybody anticipated.
Protecting data in the new enterprise perimeter
Prior to the pandemic, nearly 75% of employees worked in traditional office settings. As a result of COVID-19, this paradigm has shifted greatly. Over the span of a few months, 65% of employees shifted to remote only. Nearly a year later, it’s clear that remote work is here to stay – with many companies making a permanent shift to remote work and others adopting hybrid models, the conventional physical office perimeter dramatically changed.
As employees worked from different locations to maintain business operations, threat actors didn’t fall behind. With these changes, they adapted their tactics to capitalize on employees’ new locations. For many organizations this meant transitioning away from traditional controls to protect corporate resources and finding new ways to protect their data.
From improving identity and access management strategies to implementing further security within the new channels and communication tools, many IT and security leaders need to dive deeper into their plans for this year and beyond. Here are some of the key steps organizations should address to ensure data privacy and security:
- Don’t forget the basics. Having the best collaboration tools and security software won’t be of use if basic security hygiene is not followed. In fact, many threat actors exploit the most known vulnerabilities for which patches are available. To mitigate any potential issues, make sure all software deployed is updated; regularly update firmware and anti-malware and ensure your data backups are up and running. Additionally, with a distributed workforce it is more important than ever to track all applications being accessed and have this be a part of the cybersecurity program, as many threat actors target unattended apps.
- Make security culture a priority. Often, the human element is the weakest link within a security program. Employees are known for falling complacent in their own online security. By failing to change default passwords or using the same credentials across multiple accounts, they leave the door open to threats. This is especially true when no emphasis has been made on security awareness. Keep your employees educated on what is confidential and sensitive data, and the steps they can take to protect both their own and their organization’s information. Creating a stronger “cyber smart” security culture takes time and lots of education but is critical to data security in a work from anywhere environment.
- Implement access management to improve company-wide security. Leveraging enterprise password management and single-sign-on technologies will not only help reduce potential unauthorized login risks, but also provide the IT team with further visibility into who has access to specific resources. Organizations are able to integrate their domain, SaaS applications and even customer applications, to fully protect every entry point.
- Limit information shared on public channels. Although it is well-known that sharing logins or passwords with colleagues through email or messaging platforms creates more potential risks as attackers can easily compromise the shared information, people continue to do so. Rather than writing those credentials down, provide employees with a secure password-sharing application that requires additional verification of a user’s identity before granting access and educate them on its ease of use to minimize any potential challenges.
- Secure all video meetings with passwords and end-to-end encryption. Virtual meetings have become the new normal, replacing traditional in-person meetings. Unfortunately, virtual meetings also provide an opportunity for attackers to listen in on private information. The best ways to minimize the risks are always using passwords when setting up new meetings and sharing that information with participants separately from the meeting invite itself. Most major videoconferencing providers now also offer end-to-end encryption for meetings, and utilizing this feature adds another layer of security, making it more difficult for anyone outside the meeting to access the conversation.
Securing the future
Data Privacy Day reminds us how paramount it is to take care of one of our main resources, our data, not only today – but every day.
Starting with securing the new perimeter – identity – and solidifying the basics, organizations need to follow these simple but key steps to ensure all employees, no matter their level, take action and protect the company’s data – and by extension their own.
About the Author
Ian Pitt is the Senior Vice President and Chief Information Officer at LogMeIn, where he is responsible for global Cyber Security, Governance, Corporate IT, Business applications and Product Operations. He has over 20 years of experience leading business process management and optimization, as well as industry compliance/governance processes and cyber security.