COVID-19, Work-From-Home and the Risks of Data Leakage: Here’s How to Protect Your Company

April 24, 2020

Martin J. Frappolli, CPCU, FIDM, AIC, is Senior Director of Knowledge Resources at The Institutes, and editor of the organization's new “Managing Cyber Risk” textbook. He can be reached at [email protected].

In the span of a few weeks, our world has become dramatically different. COVID-19 has us on full alert for our own health and safety as well as that of our families, friends, and coworkers.

We scramble for toilet paper and groceries, we find new ways to work from home, and we try to get up to speed on what changes in our behaviors can help us move past this terrible pandemic. 

Data security, a vital topic for your organization, is probably not top of mind in this environment. Think again, though. The threats to your data are constant, but they are compounded by the very adjustment that so many have made – working remotely from home instead of in the (relatively) secure office environment. 

What is data leakage, and how does WFH affect it? 

Let’s define data leakage as any unauthorized transmission of an organization’s data to a person or destination on the outside. Data leakage is a threat compounded by the burgeoning work-from-home practice.  

You won’t be surprised that most data leakage is the result of employee behavior. Frequently, it’s an innocent error. An employee might mistakenly hit “reply all” in an email containing sensitive data and include unintended recipients outside the organization.

That is a risk no matter where the employee is working — at the office or from home — but the risk grows at home. Another resident of the house might use the employee’s laptop, sharing sensitive data (not always accidentally).

Ex-employees and unhappy workers also present a risk. As stress grows and some people are laid off or furloughed during the economic downturn that comes with this pandemic, there may be an unusually high number of disgruntled and formerly employed persons inclined to leak confidential information. 

How did this surge in WFH increase the risk of data leakage? 

Every point of connection to the internet is a point of vulnerability where malicious actors can attempt to compromise your data.

Some veteran telecommuters may be savvy in safeguarding their connections, and their home office IT staff may have the resources to support secure connections.

But the COVID-19 threat prompted a huge wave of newly-minted WFH employees without a lot of experience in connecting remotely. At the same time, this influx of connections may have overwhelmed the IT support staff; a focus on getting folks back to work may have pushed security to a back burner.  

How can companies increase cyber security and prevent data leakage? 

Here’s how *not* to do it: Regard data leakage as a technology problem to be handed off to the IT staff. Forget that they are already overwhelmed in supporting all these WFH newbies — the danger in treating this as an IT issue is that you fail to address the most common cause of data leakage, which is employee behaviors. 

Certainly, have the right tech people in place (and consultants on speed dial) to deploy and maintain state-of-the-art WFH networks and protocols. But make it a top priority to train employees about good data security hygiene.

Basics include a communicated and enforced data security policy; “I didn’t know” should never be a reason for a data breach. It’s not just about impossibly long and complex passwords; employees need to be trained to spot phishing attempts and other threats of data leakage, and also know where and how to report potential incidents.

Basic training on social engineering and suspicious emails should be mandatory (and not just for WFH employees), and ideally employees should be tested randomly to see if they fall for phishing-style emails.  

What does it take to minimize the risk of data leakage in the era of COVID-19, with so many employees in WFH mode? Nothing fancy – planning, execution and testing.
