Filip Cotfas, Channel Manager, CoSoSys

With the Covid-19 declared a pandemic by the World Health Organization, companies around the world have encouraged their employees to work from home to protect their health and support government measures aimed at curbing the spread of the virus. While many organisations have long been exploring the possibilities of working remotely, very few have allowed all their employees to work from home at the same time for extended periods of time.

The new reality imposed by the current health crisis means that the entire workforce of many companies will be working remotely under lockdown measures for weeks, with the possibility that the situation will extend months further into spring and early summer. Some organisations have been more prepared than others for this eventuality with emergency and business continuity plans in place. Many others, though, have hastily put together a work-from-home plan (WFH). While it is meant to ensure that employees continue to perform their duties for the duration of the crisis, these plans fail to consider two vital points – data protection and the risk of non-compliance with data protection legislation.

Protecting data while working remotely

Many data protection strategies focus on company networks and are therefore restricted to office perimeters. This means that all the devices being taken out of the office for remote work will lose most of their protection and compliance policies once they are out of the workplace.

One way of ensuring compliance with data protection policies when employees work remotely is to apply them at the end point. This means that data protection software should be installed directly on the devices rather than at the network level. In this way, policies will stay active no matter where the devices are located. This is ideal, especially for companies that have had no time to configure a virtual private network and employees will have to use their own private Wi-Fi networks to connect to the internet.

Encryption is also an essential part of secure remote work operations. It ensures that if devices are stolen or forgotten outside the office, anyone getting a hold of them cannot access their data. Many computers come with native encryption tools, and companies must strongly encourage their employees to use them.

Home office compliance

Given the state of emergency, compliance has taken a backseat with a focus on employees’ well-being and the need to continue business operations remotely. This decision to overlook data protection goes against one of the fundamental principles of the new wave of data protection legislation spearheaded by the European Union’s General Data Protection Regulation: Data Protection by Design and by Default. It means that data protection is no longer something that companies can choose to incorporate in their strategies depending on a given situation, but it is one of the foundations of business operations.

Working remotely, especially for organisations with no solid remote work plans in place, will make data more vulnerable. Malicious outsiders are likely to take advantage of the chaos, leading to an increase in external attacks. Employees, freed from the restrictive policies of company networks, may also slacken their security practices and endanger the data that they take home.

Tools like data loss prevention (DLP) solutions applied at the end-point level can support remote compliance with their focus on special categories of data protected by the data protection legislation. By applying policies directly to sensitive data, DLP tools help companies monitor and control the transfer and use of personal information remotely, ensuring that it is not sent outside the company or uploaded to unauthorised third-party services.

Companies often mistakenly believe that the implementation of DLP solutions is a long and complicated process, and cannot be applied at a short notice. This could not be further from the truth. End-point protector solutions can be deployed remotely in 30 minutes or less, and require only an internet connection for installation. Endpoint protector is a cross-platform solution. It is one of the few DLP solutions in the market to offer feature parity for Windows, macOS and Linux.

In these times of crisis, companies must keep their data secure and stay clear of data breaches and and protect themselves from any potential fines from data protection authorities around the globe.