In the previous article, (https://community.nasscom.in/communities/covid-19/remote-working-the-new-normal-how-to-enable-it-quickly.html), we briefly touched up on remote working, its challenges and proposed solutions. As a follow up, this write up focuses on the details of Data security and its plausible challenges and solutions in a remote working environment.
With COVID-19, the world has seen a shift from usual work place practises with many industries adapting remote working as a ‘Business as usual’ model. It would be safe to say that remote working is the new normal, and data security remains one of the biggest concerns.
The following table aims to draw out challenges and proposed solutions based on personal learning and organization wide application that have proven to be successful over the last 4 months. While this list is not exhaustive, it covers some of the high level data security concerns that remain common for diverse industries.
|a) Social Engineering threats such as Phishing, baiting resulting in data breach.
b) Personally Identifiable information (PII) Data protection
c) Data protection provided by physical access controls in white room environment in offices are not available in work from home environment
1. Data Security policy and awareness
a) Assess and adhere to Security Policy Standards based on process and client requirements.
b) Implement and monitor internal policies, set strict password protocols.
c) Stringent employee awareness with training, written acknowledgements and periodic surveys.
2. Data Security tools
a) Virtual Private Network (VPN) ,Secure Sockets Layering (SSL) IP Sec, Cloud Proxy
b) Use of AI/ML for Early detection of cybersecurity threats and anomalies
3. Access and Authentication Control :
a) Perform regular audits and assessments to ensure compliance.
b) Access to sensitive data based on ‘need to know’ basis.
c) Multi Factor Authorization such as One Time Password (OTP), RFID, smart card, fingerprint reader or retina scanning
d) Real time monitoring of accounts that have external data access with implementation of software such as Zscaler, Remote desktop etc.
4. Protecting PII/Sensitive data
a) Identify sensitive data and Understand compliance requirements such as PCI Standards, PHI, HIPAA etc.
b) Data Obfuscation : Encryption, Tokenization and Data Masking
c) Mobile Device Management (MDM) to protect company data.
d) Email Security: End to End encryption for email keeping PII and sensitive data secure.
5. System Hardening :
a) Disabling certain ports and installation of software,
b) Harden network devices and systems based on least privilege
c) Managing and restricting admin privileges.
Regular software key updation ( anti-virus, OS )
Data Security in work from home environment has been one of the biggest challenges faced by organizations today. While Data Security is a vast topic, I intended to briefly address some high level data security concerns and plausible solutions, applicable for diverse industries. Please feel free to reach out for detailed insights if required.
COO – SLK Global Solution