Due to the global Covid-19 pandemic, companies, governmental agencies, and other organizations have adopted work-at-home protocols for many of their employees. Ideally, these groups will adapt to such changes without any significant lapses in service level or employee performance.
With the lessons learned from this experience, some experts believe that more organizations will incorporate additional work-at-home policies in the future. But for now, the experience is an emergency adjustment driven by the need to provide employees with a safe, healthy working environment.
Organizations usually construct emergency protocols and contingencies into their respective game plans to handle most potential challenges. Few anticipated the extent and all-encompassing effects of the current circumstances caused by the Coronavirus.
One aspect of the work-at-home situation that should be taken into consideration is the potential for security breaches resulting from reduced direct data security oversight and inadequate IT Asset Disposition (ITAD) processes to secure the accessed data.
Adding to the risk, many team members are using personal equipment from home, perhaps due to a shortage of company-owned equipment.
The security risks of employees using personal devices for work without the proper controls are substantial. Consider these liabilities:
- Data Risks: If an employee loses their personal smartphone or PC, the company data stored within it is at risk.
- Malware: The potential for devices that are used for both personal and business increases the equipment’s vulnerability to attack and malware.
- Exposure to Unauthorized Cloud Services: Devices that operate outside of the enterprise’s cloud environment increase data theft potential.
- Security Breaches: Maintaining confidential company documents and contractual agreements, along with personal information, may expose the company to government enforcement or civil penalties related to data breaches.
Here are some strategies for companies to minimize the potential for data compromise and other issues while permitting employees to use personal devices while offsite.
- Create an All-Inclusive Register of Assets
Companies may not have enough equipment, laptops, or tablets on hand to accommodate this sudden shift of employees working remotely. Lead-times for new equipment have lengthened due to the crisis, and, in some instances, companies cannot afford the additional capital expenditure to keep things running smoothly.
With each additional device operating independently in a system, the potential for a data breach, criminal intrusion, or malware intrusions increases exponentially.
The first step is to make sure all devices, company or employee-owned, are included in the company's asset register. This procedure allows for oversight and secure authentication to access internal data. Registration also enables the IT asset management personnel to remove access if an employee leaves the organization.
- Specific Cloud Services Access
Remote access increases the need for enterprises to adopt cloud-based service access. Maintaining all information in a secure cloud format allows authorized personnel access anything from anywhere. Access is particularly important when employees are scattered about in multiple locations.
IT management should select a single cloud provider with very secure access. Even though employees may be using personal equipment, they should only operate within the designated cloud environment. The use of personal cloud services may expose essential data to outsiders.
- Observe GDPR at All Times
General Data Protection Regulations (GDPR) are enforceable at all times for all employees, especially if they are working remotely with personal equipment. To avoid data breaches, the company should have a central control body to classify which documents and information may be accessible to specific individuals from their personal devices.
- Sanitize Personal Equipment When No Longer in Use
Whenever company assets replace the personal equipment, each non-company device must be wiped clean of any company data, and access must be eliminated. Sanitizing personal equipment is essential also whenever an employee is issued a company device, returns to the workplace, or leaves the company.
All company documents and data should be carefully removed from each personal computer, tablet, or smartphone.
Companies should establish clear procedures for staff to immediately clean the equipment to ensure that no sensitive company information remains.
Based in Medina, Ohio, thomastech LLC https://thomastechllc.com/ offers a complete menu of IT support services for new and existing clients. A proven third-party IT support and maintenance company, thomastech provides secure and reliable support worldwide, featuring:
- Secure data and malware protection
- Specific Cloud services
- Sanitization of equipment no longer on the company register
- Ongoing enforcement of GDPR (General Data Protection Regulations
- Remote maintenance and security updates
thomastech services are scalable and can be tailored to fit your company’s specific needs.
Allow your enterprise to focus only on our objectives instead of wasting time and money on in-house IT operations, contact thomastech, a proven third-party IT maintenance company.
Phone thomastech at 1-330-225-3117 to learn more about their extensive IT support services.
Friday Feature: HPE 3PAR 8200
Friday Feature: P9L83A
The facts behind new vs. old enterprise IT models that OEMs don’t want you to know
How to Decide Which SLA is Right For You
Saturday Spotlight: Jim Thompson
How much does third-party maintenance cost?
Third Party Support