It has been over two years since the pandemic changed our lives as we knew them. During that time, much has also changed about the structure of our work culture and environments. With remote and hybrid working environments now a permanent option for many employees, inadequate data protection is a concern for many organisations. Gartner VP Analyst, Peter Firstbrooke states “As the new normal of hybrid work takes shape, all organizations will need an always-connected defensive posture and clarity on what business risks remote users elevate to remain secure.”
Pre-pandemic, many employees worked in office environments, which gave organisations more control over data policies and security as everything was managed from one location. Now, as the structure of solely working within an office environment becomes a thing of the past, one thing that an organisation cannot afford to risk is the structure around protecting their data.
Work Structure Has Changed
As humans, structure plays a huge part in all aspects of our lives. The use of routines and structure provides an element of predictability for us in this ever-changing world, thus helping us feel safe. Structure is even more important when it comes to remote work, as much of the provided structure from an office environment is lost when working remotely. Finding a way to restore this lost structure will become a key component in data protection, as even after the pandemic ends, remote work will continue and may be the preferred environment for employers and employees alike. An article by Forbes states “By 2025, an estimated 70% of workers will be working remotely at least five days a month.” Additionally, a Gartner CFO survey revealed that post pandemic, 74% plan to shift some of their previously on-site employees to a permanent remote environment.
Without the common working practices and thought processes that an office environment provides, remote working means employees may lose sight of the things that are normal or are taken for granted in day-to-day office work life. They may face unfamiliar distractions and be challenged by different focuses and mindsets in a remote environment.
Dangers of Employee Carelessness
Without the structure of the familiar office environments, and the distractions that may be faced remotely, security may not be top of mind for employees. A recent report conducted by IBM stated that nearly 20% of organizations reported that remote work was a factor in a data breach, and that these remote work related breaches ended up costing companies over $1 million more on average than a non-remote work related breach ($4.96 million vs $3.89 million).
In addition, employees working remotely may find, for one reason or another, they have access to data they don’t need to do their job. A GetApp survey revealed that around half (48%) of employees have access to more information than needed to do their job, and 12% have access to all company data. With the knowledge that these results were reported pre-pandemic, when most employees still had the structure of an office environment, imagine how much they may have increased, post-pandemic, when remote working is at an all-time high? To further this concern, a 2021 study conducted by IBM found that “in 100% of the incidents where the insider was confirmed or likely had administrative access, having this elevated access (to more data than they should) played a role in the incident itself.” Therefore, combining the potential elements of distraction and access to more data than needed in a remote environment can create a perfect storm for data leakage, be it intentional or accidental.
Bolstering Your Security Ecosystem
Having a strong security ecosystem is a key component to data security, as security ecosystems work to minimize both internal and external threats. When the pandemic began, organisations were quickly forced to adapt their structure and technology approaches to a remote workforce, and a study by IBM found that security ecosystems lagged behind the sudden technology changes made to the structure of work environments.
Many organisations had focused more on traditional data security, by controlling networks and devices to keep data protected, as this is easy to control in an office environment. However, it isn’t conducive in a remote environment as it makes collaboration difficult and leads to poor productivity. Instead, organisations need a security ecosystem where the focus is on protecting the data itself and empowering employees to do the same, so that data is protected when it moves between networks.
An important first step in bolstering your security ecosystem is to know and classify your data to determine how it should be handled, which can also then drive downstream protection. Data classification solutions allow users to assign visual and metadata labels to the data they create or save according to its sensitivity and value to the organisation. Metadata labels allow the other data security solutions within the ecosystem, such as DLP and DRM, to understand what data is sensitive and if it requires further protection based on the organisational policy. This allows your organisation to identify, categorise, and protect sensitive data, providing an all-encompassing security ecosystem that is adaptive and configurable to your organisation’s policy requirements. Utilising the reporting capabilities of your classification solution also means you can keep track of what users are doing with data to make sure organisation policies and compliance regulations are being met, no matter where users are working from.
Empower Your Employees
Organisations need to make sure they are providing users with the tools to ensure they do not let their guards down on data security simply because of a location and focal change, and that the same standards and associated structure that would be provided in the office environment are being adhered to. The use of security solutions, such as data classification, reinforces, reminds, and empowers users to apply security policy on all documents and emails created, adding back that element of structure.