I remember my first visit to New York City. I wanted to see and do many of the traditional touristy things, but most of all I wanted to visit the Statue of Liberty. When I was coming out of the subway and walking through Battery Park along the way to the Ferry Terminal, there were dozens of individual business opportunists selling designer watches and handbags from underneath their overcoats. Upon my return from the Statue of Liberty, it started to rain. As I disembarked and made my way through Battery Park, I noticed that all of the mobile business opportunists had switched from selling their normal goods to rain ponchos and umbrellas. I was impressed at their nimbleness to take advantage of the market conditions.
As we look at the dynamic shift businesses have made during this recent pandemic to enable traditional office workers to work from home (WFH), we have also noticed a nimbleness by cyber criminals to prey on those companies that rushed to enable their staff to WFH. At IWCO Direct, we keep data safe no matter where our staff is working.
Getting WFH Data Security Right
So how should WFH data security be different from when associates are working from their office? Ideally, there should be no difference. In a traditional security model, companies would set up perimeter boundaries, and defend them against bad actors. However, over the last few years there has been a shift to mobilize the workforce, which has blurred where the traditional boundaries are. Companies should be protecting their intellectual property and data regardless of where it is being accessed from. Enabling remote workers to access your network from their home computers without verifying if those computers are patched and free of malware would be very risky.
For IWCO Direct, protecting against a client data breach has always been paramount. So as some associates have transitioned to WFH, we needed to ensure client data security wasn’t compromised. We started with the base security requirements outlined in our policies. We wouldn’t make an exception to this just to accommodate remote employees. If you cannot have the same computer security requirements for your remote workforce as your office workers, then you really don’t have security requirements.
Tracking Assets as Employees WFH
Another security consideration when allowing your staff to WFH is to effectively track company assets. I read an article the other day about companies letting their employees take their office PC home, or purchase computer equipment to use while working remotely. At IWCO Direct, we only allow employees issued a company laptop to remove it from the building. This makes it easier for us to track who has what equipment, so at any given time we will have an accurate inventory of company assets. Consider the termination of an employee who is working from home. If their company allowed them to purchase a computer, it could become a grey area of who really owns that computer. Likewise, if an employee purchased a computer so they could WFH, there was likely no standard build, or hardening process, done to it. So even if a company was to retrieve this computer, it may be risky to plug it into the company network.
For years I have been preaching that security is everyone’s responsibility, and not just somebody’s job. With more people working remotely, some may be tempted to lighten up on security. To address this possibility, IWCO Direct is creating special security awareness trainings to help remind staff that our security-first mindset is in place, regardless if they are working remotely or in the office.
As I look back on that vacation in New York, I realize there were many patrons disembarking the ferry that were ill-prepared for the rainy weather and in need of ponchos for the family. Since it is likely the WFH response to this recent pandemic has altered the way we will proceed for future disruptions, companies need to prepare and have a plan in place for protecting their information regardless of where their workforce is operating.
Subscribe via email to our Stevie® and Feedspot award-winning blog and get a fresh post delivered weekly to your inbox. We promise to keep it interesting, but you can easily unsubscribe if we don’t.