When governments implemented lockdown measures to combat the spread of COVID-19, many organizations found themselves enabling remote work without proper planning.
Imperfect continuity and best practices were obviously preferable to stopping business completely, but this wasn't an optimized approach. Now that some time has passed and the lockdown remains in many countries, businesses should look to retain control over their data and establish a new normal for remote data protection.
Dangers of consumer-grade applications in the enterprise
Organizations that did not previously support remote work have to deal with employees using consumer-grade apps to handle corporate data due to the lack of alternatives. Zoom has become the de facto video conferencing app for many, and this has led to Zoombombing and other privacy concerns.
Zoom has responded with upgrades to privacy, including the acquisition of Keybase to provide remote data protection for users in transit. However, this example is indicative of the larger issue with remote work: employees using any application available to them to get through the workday.
Regulations around data security and the implications of data breaches have not changed with the pandemic. Tolerating substandard apps and practices in an emergency is understandable, but now that the initial panic is over, organizations need to establish standards and best practices. This is especially crucial with the rise in pandemic-related phishing attacks as hackers exploit end users that are unfamiliar with remote working practices.
How IT should approach remote data protection
As measures to relax lockdowns are being delivered in phases, IT staff should recognize that the initial phase of business continuity has passed. The next phase requires a more measured approach. There was no time to train users and implement standard applications, but now administrators should audit all systems accessing corporate data and standardize on secure collaborative apps. This thorough approach is essential for remote data protection.
IT administrators should contact users directly to ensure they are familiar with the standard work applications and processes. If administrators need to remove some consumer apps, they should explain why upending their established workflows is necessary. In many cases, these workers adopted new applications without much guidance. However, users will have to understand that the new best practices are the only way for IT to ensure data security going forward.
Under no circumstances, however, should IT allow unsafe apps such as WhatsApp and Facebook Messenger to access business data; this is a direct threat to remote data security. Where users relied on personal devices for work, offer alternatives such as a unified endpoint management (UEM) policy with low restrictions. If the circumstances do not allow for a perfect resolution, at least establish a security baseline that the user can work from to maintain employee experience.
Organizations that previously did not support remote work should take the time to devise and share policies with all employees. Lockdowns might continue for some time, and even after these are relaxed, many users may make a case that they were able to remain productive remotely and would prefer to work that way in future.
IT professionals should make an effort to support users and proactively ask if they need any help; there might be some users who aren't aware that the typical support structures still exist in unusual times.
In some cases, replacing consumer-grade applications that employees have adopted into their workflow would incur excessive costs or disruption. In this scenario, admins should consider securing the connection by implementing device security policies or a VPN where possible without compromising remote data protection.
While it's difficult to know what the new normal will be for businesses, it seems premature to assume business will return to the way things were before COVID-19. IT's focus needs to be on restoring as much normality as possible during the current remote-focused workplace.