Remote Work, Data Protection and Compliance During the COVID-19 Crisis

Remote Work, Data Protection and Compliance During the COVID-19 Crisis

Authored by Mr. Filip Cotfas, Channel Manager, CoSoSys

With the COVID-19 virus now officially declared a pandemic by the World Health Organization, companies around the world have encouraged their employees to work from home to protect their health and support government measures aimed to curb the spread of the virus. However, while many organizations have long been exploring the possibilities offered by remote work, few have allowed all their employees to work from home at the same time for extended periods of time.

The new reality imposed by the current health crisis means many companies' entire workforce will be working remotely under lockdown measures for weeks, with the possibility that the situation will extend months further into spring and early summer.

Some organizations have been more prepared than others for this eventuality and have long had emergency and business continuity plans in place. Many others though, have hastily put together a work from home plan which, while meant to ensure that employees can continue to perform their duties for the duration of the crisis, often fail to consider two vital points: data protection and the risk of noncompliance with data protection legislation.

Protecting data while working remotely

Many data protection strategies focus on company networks and are therefore restricted to office perimeters. This means that all the devices being taken out of the office for remote work will lose most of their protection and compliance policies once they are out of the workplace.

One way of ensuring data protection policies remain in place even when employees work remotely is to apply them on the endpoint, meaning that data protection software is installed directly on the devices rather than at network level. In this way, policies will stay active no matter where the devices are located. This is ideal, especially for companies that have had no time to configure a Virtual Private Network (VPN), and employees will have to use their own private WiFi networks to connect to the internet.

Encryption is also an essential part of secure remote work, ensuring that, if devices are stolen or forgotten while outside the office, anyone getting ahold of them cannot access any data on them. Many computers come with native encryption tools, and companies are strongly encouraged to request that their employees use them.

Home office compliance

Given the state of emergency, compliance has taken a back seat to considerations surrounding employees' wellbeing and the need to continue business operations remotely. This instinct to overlook data protection as negligible in case of extreme circumstances goes against one of the fundamental principles of the new wave of data protection legislation spearheaded by the EU's General Data Protection Regulation (GDPR): data protection by design and by default. It means that data protection is no longer an afterthought that companies can choose to incorporate in their strategies depending on a given situation, but needs to be one of the foundations of business operations.

Working remotely, especially for organizations with no solid remote work plans in place, will mean that data will become more vulnerable. Malicious outsiders are likely to take advantage of the chaos leading to an increase in external attacks. Employees, freed from the restrictive policies of company networks, may also slacken their security practices and endanger the data they take home with them.

Tools like Data Loss Prevention (DLP) solutions applied at the endpoint level can support remote compliance through their focus on special categories of data protected by data-protection legislation as opposed to the overall devices the data is stored on. By applying policies directly to sensitive data, DLP tools help companies monitor and control the transfer and use of personal information remotely, ensuring that it is not sent outside the company or uploaded to unauthorized third party services.

How Endpoint Protector can help

Companies often mistakenly believe that the implementation of DLP solutions is a long and complicated process and cannot be applied on short notice in case of urgent need. This could not be further from the truth.

Endpoint Protector can be deployed remotely in 30 minutes or less and requires only an internet connection to install. User-friendliness has always been at the top of our priorities, which means our solution can also be easily run by both technical and non-technical personnel.

Endpoint Protector has been a cross-platform solution since it was first developed and is one of the few DLP solutions on the market to offer feature parity for WindowsmacOS, and Linux. Organizations can, therefore, get the same features and level of protection for a computer regardless of the operating system it's running on.

With predefined policies for data protection legislation such as GDPR and HIPAA that can be applied to both data at rest and in motion, Endpoint Protector helps support home office compliance. Our solution ensures that, in these times of crisis, companies keep their data secure and stay clear of data breaches and any potential fines from data protection authorities around the globe.

Telecom Today