In its annual “Cost of a Data Breach” report, IBM reveals that the average total cost of a data breach in the United States in 2020 is $8.64M and took an average of 237 days to identify and contain.1 But even more interestingly, 70% of respondents said remote work would increase the cost of a data breach, and slightly more (76%) said remote work would increase the time to identify and contain a breach.
HR Technology News: Technology and Workforce Organizations Unite to Pathway More Women, Women of Color and Women Returning To The Workforce Into Tech Jobs
“Most enterprise security was not designed for remote work,” explains Robert Selvaraj, Co-founder and CEO of SearchBlox. “So the sudden, seismic shift to distributed teams poses huge cybersecurity risks.” In industries that handle personally identifiable information (PII), including healthcare, financial services and government, these breaches can be especially devastating.
Consider this: prior to the COVID-19 pandemic only about 15% of U.S. employees worked from home and only some of the time.3 By the middle of April, half of U.S. employees were doing all of their work remotely.4 Now that those employees are working in shared spaces of their homes and balancing conference calls with childcare, they may be tempted to prioritize productivity and speed over security.
HR Technology News: TecHRseries Interview with Blair Young, Senior Director of Product, MindManager
So Selvaraj offers the following tips to beef up security in order to protect employee data, customer data and your reputation.
- Require refresher courses for compliance. “Being vigilant about phishing attempts, spyware trojans and ransomware is more important than ever,” says Selvaraj. “You might even consider creating new instructional content specific to the work-from-home environment.”
- Publish new device security and virtual private network (VPN) protocols. “Right now it’s tempting to let down your guard and leave devices unlocked or even to share company devices with little remote learners at home,” says Selvaraj. He suggests updating your policies regarding VPN and device sharing. “And remember that your employees’ home security is not as tight as corporate’s. Remind your teams to report lost or stolen equipment immediately.”
- Update users and permissions settings. The status quo has changed, so should these settings. “Take a close look at what you should tighten or loosen up on an app by app basis,” suggests Selvaraj. “And consider requiring employees to change their passwords more frequently.”
- The average enterprise employee spends nearly 2 hours a day searching for the information and data they need to do their job.5 Make sure the data they’re searching is secure. “We encrypt our clients’ customers’ data at every level of search,” says Selvaraj. “Ask your search vendor if they can protect your data at the user, index and document level. If they can’t, find a new vendor.”
- Choose a vendor that provides searchable encryption in addition to encrypting data at rest and in transit. Elasticsearch, the world’s leading open source search and analytics solution, does not allow you to search data while it’s encrypted. “In order to search the data with Elasticsearch, you have to decrypt it — even if just temporarily,” explains Timo Selvaraj, co-founder and VP of product management at SearchBlox. “We offer a data privacy module that allows you to search data while it’s still protected with AES-256 encryption. Every user can search the data, but only privileged users can see the decrypted PII information.”
HR Technology News: Remote Collaboration: Common Challenges and Solutions
Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.