Many businesses that have allowed employees to continue working from home for the foreseeable future are aware that they need to update their cybersecurity. It’s likely that they have allocated some budget and IT resources to make those necessary changes. However, IT budgets are finite. Given the economic disruption of the pandemic, enterprises must strategically decide where to invest their cybersecurity budget most effectively.
There are many different approaches to cybersecurity, and the way your business previously protected data may no longer work in a remote-work paradigm. Here’s how to understand how working from home impacts your data security – as well as some steps to take to make sure you are prioritizing the right things.
Types of cybersecurity
Cybersecurity can be broken out into categories based on what you wish to protect. Cybersecurity practices are commonly classified into one of these five areas:
- Network or perimeter security: protection for your network traffic by controlling incoming and outgoing connections. This prevents hackers and malware from entering and spreading throughout a network.
- Data security or data loss prevention (DLP): protection for your data by enforcing strict protocols and safety measures on the location, classification and monitoring of data (both stored data and data as it is used).
- Cloud security: protection for data used in cloud-based services and applications.
- Device security: protection for on-premises devices such as computers and servers.
- Application security: protection for your apps from attacks with testing, app shielding strategies, and more.
There are many subcategories within these broad cybersecurity distinctions, but IT professionals tend to focus on these areas.
All these types of cybersecurity are important. When offices are working business as usual, most IT professionals tend to prioritize network security first; devices, applications, and data sharing are all linked through the same network, so protecting the perimeter makes sense.
As more people work remotely, however, investing in network security makes less sense. Data protection and cloud security are more important as our online needs are rapidly changing. With limited investment available, how should you prioritize your cybersecurity?
New approaches to cybersecurity
As one expert reported in Forbes, “To protect customers, employees, and reputations while ensuring compliance with evolving regulations, companies should shift their security strategies from an outdated reliance primarily on ‘perimeter protection’ to a companywide approach based on ‘secure data access.’”
As our online behavior changes, the threats evolve too. Cloud services, for instance, are becoming a new target for hackers. McAfee found that remote attacks on cloud services and collaboration tools, like Slack, increased 630% during the first four months of 2020. Employees are using their own devices and their own networks, so shifting your cybersecurity to focus on cloud security is a good first step to protecting data outside the office firewall.
Data loss prevention, DLP, is another key area for IT professionals. Your enterprise must prioritize building a strategy that prevents unauthorized access to and use of data. There are three key areas here to consider:
- Data discovery: measures to identify PII and other sensitive data as it is collected and used across your organization.
- Data transformation: measures to secure data by masking or anonymizing PII so only those in the company who need access to data have it.
- Data access: granular controls that ensure the right people can access specific data or data formats – role-based and attribute-based measures.
In the immediate term, IT professionals need to ramp up cloud security and data security to accommodate remote employees. Here’s how to do it.
Steps to improve your data security
One of the easiest ways to improve your data security is by educating your employees. This effort takes time, but very little financial investment.
Teach your team ways they can improve their at-home security practices. Nightfall found that lax email policies contribute to a huge amount of data theft. Poor password hygiene for email accounts – like using “password1234” or another easily guessable code – is a big mistake that many people are (still) making. Companies are also not utilizing multi-factor authentication when signing into accounts. Lack of employee training and clear WFH security policies are further contributing factors to the increase in data theft via email.
Next, address changes to your network security by providing tools for employees to safeguard their personal devices. One study by Security Magazine discovered that 56% of employees are using their personal computers to work remotely in response to COVID-19. Moreover, nearly 25% of employees working from home don’t know what security protocols are in place on their device. IT teams should perform one-on-one audits with each remote worker to assess what security measures are in place and provide the tools and feedback needed to improve the cybersecurity of at-home networks and devices.
Lastly, add an automated DLP solution like Nightfall to dramatically improve your data security.