Due to the Coronavirus outbreak, employees are allowed to operate remotely, but shifting to the remote working model can put the businesses at risk. A challenge for CSOs – maintaining security while ensuring smooth operation without interruptions. How CSOs should balance security with a remote working model. In an exclusive interview with CXO VOICE, Filip Cotfas, a Data Security expert and Channel Manager at CoSoSys, discusses the challenges, risks, and ways to maintain security while working remotely.
What are the major security challenges organizations facing while working remotely?
Filip Cotfas: While working remotely, organizations face major security challenges mostly because computers are not in the same network. From a higher probability of external attacks to employees’ tendency to relax security practices while working from home, sensitive and confidential information leaving a company’s premises will always be more vulnerable than when it is firmly within reach of a well-secured company network.
How is Data Loss Prevention helping with remote work?
Filip Cotfas: Once the remote work plans are implemented, companies must ensure that devices running on all operating systems are connected and protected. From DLP solutions and videoconferencing tools, they must all function across all operating systems or risk leaving essential personnel outside the company network, with a vulnerable system just waiting to be exploited.
With a Data Loss Prevention solution in place, enterprises can apply policies on the endpoint, protecting sensitive data whether a computer is connected to the company network or outside it and ensuring regulatory compliance, like GDPR or Personal Data Protection Bill.
How to mitigate security risk while operating remotely?
Filip Cotfas: As a company, you need to adopt new solutions before your employees do. They will be tempted to start using new software to ease their work. This includes messaging applications, video conferencing tools, and document sharing services. It’s important for companies to choose these solutions before their staff starts using unauthorized software that is not up to business standards and compliance requirements.
It’s also essential that encryption is applied to all devices, whether laptops or removable devices such as USBs, making sure that, in case a device would be lost or stolen, the data on it will not be accessible to third parties.
For the security, VPNs have an essential role while working remotely, allowing users to securely access a company’s network and services through an encrypted network connection.
Data Loss Prevention (DLP) solutions have a major role in keeping companies’ data safe. By applying policies directly on the endpoint, they can ensure that data continues to be protected and monitored whether a computer is online or not.
How can device control help to protect data theft?
Filip Cotfas: To reduce the risk of infections through USBs, organizations should apply device control policies that limit or block the use of USB and peripheral ports, allowing only trusted company-issued devices to connect to a computer.
With a device control policy in place, administrators can have an overview of traced files that have been transferred from a protected computer to a portable device or to another computer on the network, and vice versa. It also offers an overview of shadowed files that have been transferred from a protected computer to a portable device.
What should additional tools employees use to secure their devices?
Filip Cotfas: While Data Loss Prevention helps in mitigating insider threats, to prevent outsider attacks, employees should use traditional tools such as firewalls or antivirus in order to secure their devices.
As a security expert, how are you helping your clients secure their organization with the remote working model?
Filip Cotfas: Many data protection policies are dependent on a computer being connected to the company network or the internet. While working remotely, for the duration that employees’ computers are offline, data protection policies are no longer active, risking both data loss and noncompliance with data protection legislation.
Our Endpoint Protector policies are applied directly on the endpoint, so this way, enterprises can ensure that data continues to be protected and monitored whether a computer is online or not.
Is limiting employee access the solution to mitigate security risk?
Filip Cotfas: We think that a viable solution to mitigate security risk is to limit some access and warn employees about potential outcomes before transferring a file.
What are your security recommendations for enterprises?
Filip Cotfas: Our security recommendations for enterprises to protect their data from loss or theft are to monitor sensitive data at all times, protect all operating systems, prevent the spread of shadow IT, and be vigilant of scams.