|Answered by Mark Hofman, Chief Technology Officer, CyberCX|
Data security is always a major challenge. This is even more so when staff work remotely.
As a first step, you need to ensure you have the appropriate controls in place. Restrict access to sensitive data, including business documents, customer records, staff records and other confidential information. Access should be on a ‘need-to-know’ basis. Only those staff members that absolutely require access to specific data, documents or other information, should have access to it.
Limiting data access will help reduce any damage if a device or system is compromised.
With staff accessing your organisation’s systems using home wi-fi networks, there is a greater risk of data being compromised. This risk can be reduced by ensuring access to the organisation’s network is only through a VPN. Better still, shifting to cloud-based systems with 2-Factor-Authentication will help strengthen data security.
Another thing to consider is device security. Staff need to always be aware of the physical security of their computers or mobile devices. They should not leave devices unattended in public places, screens should be locked whenever they step away from the device, and they shouldn’t allow others (even family members) to use their work devices.
If your organisation has a CASB (cloud access security broker) solution or DLP (data loss prevention) solution, then these may come into play. These products can often accurately track where data is being stored and used. Depending on your o365 licensing (assuming you are using it), you may have access to the built-in DLP functions in the platform.
View our 5 easy steps to improve your cyber resilience.