By Neelesh Kripalani, Sr. VP & Head- Center of Excellence, Clover Infotech
With the new normal of work from home (courtesy- COVID-19), a large proportion of employees are using their own devices to access their company’s data. However, allowing employees to work and access data from anywhere comes with a price. As per a recent survey by Trend Micro, 42% of workers in India use personal devices to access corporate data, often via services and applications hosted in the cloud. These personal devices such as smartphones, tablets and laptops are less secure as compared to the corporate equivalents and are also exposed to vulnerable IoT apps and gadgets connected to the home network.
The same survey also revealed that over one-third of remote workers surveyed do not have basic password protection on all personal devices, which means getting access to personal devices won’t be too challenging for threat actors. This makes it imperative for organizations to have strong measures in place to ensure security of the critical business data.
At first, let’s understand the risks…
· Device theft: Personal devices, especially smartphones and tablets can get stolen and experienced hackers can easily break through the basic password protection and gain access to data stored in the devices.
· Absconding employees: Some of the employees abscond without serving the desired notice period and such abrupt departure can lead to unauthorized access to sensitive company information by unwanted sources.
· Vulnerable data transfer apps: Not all third-party data transfer apps are secured. If any of the employee is using a certain app that’s unapproved to transfer data, and this application is breached, there could be serious security threat once such device is connected to the office network.
· Unsecured Wi-Fi connection: Employees connect to Wi-Fi at any place, be it a cafe, airport etc. Most Wi-Fi networks are unsecured and hackers can easily get access to your company’s data by exploiting the loopholes in the network.
· Lack of or irregular security updates: Employees are not used to updating software/applications on regular basis which makes the devices more vulnerable to hacks.
10 tips to tackle the risks
The big question is how to protect your data when devices accessing your network are not entirely in your control? Here are some of the tips that can be handy:
1. Provide VPN access to your employees
2. Put multi-factor authentication in place
3. Discourage the use of Remote Desktop Server (RDS)
4. Backup portable devices’ content on a regular basis
5. Establish a comprehensive BYOD and mobile device security policies
6. Keep all devices updated with latest versions
7. Implement a strong and unique password policy across devices
8. Hold a periodic security awareness training for all personnel
9. Auto-lock feature must be enabled on all devices being used for official work
10. Sensitive business information must be encrypted at all times using reliable encryption software.
The new “work from home” or “work from anywhere” norm blurs the lines between personal and official devices, putting both personal as well as business data in the firing line. However, despite the risks, the use of personal devices has its own benefits in terms of productivity due to the easy accessibility. Thus, instead of banning the use of personal devices for official work, getting clear policies and processes can make things more rewarding and effective.