How Blurred Lines Between Personal and Professional Data Put Your Data at Risk

The COVID-19 pandemic transformed the way we work: 

• According to Pew Research, only 20% of Americans worked from home before the pandemic; after its onset, 71% worked from home all or most of the time. 
• And Buffer found that a whopping 97% of remote workers would like to continue working remotely at least part of the time for the remainder of their careers.

It appears that remote work, in some capacity, is here to stay. Remote work can offer substantial benefits for companies and their employees alike, but it also creates new challenges. Most significantly, the increasingly blurred line between personal and professional data that has come with remote work is putting your company’s sensitive data at risk. 

While this digital transition was already on its way, the pandemic considerably sped it up. Companies had to rush to implement remote work, and most weren’t prepared to do so. This quick implementation has left gaps in security that need to be addressed. 

Remote employees may be unwittingly putting your data at risk, opening you up to data breaches, identity fraud, and other consequences.

It’s important to be aware of the risks associated with remote work so you can protect your business while continuing to reap the benefits of offering flexible work options to your employees.

Lack of Security in Work-From-Home Setups

If your employees access confidential data from home, their devices and network connection should have the tightest security possible. But the reality is, most employee work-from-home setups don’t offer the level of security they should. 

To address this security gap, make sure all of your remote employees’ devices are set up with:

• Virtual Private Networks (VPNs)
• Antivirus software
• Firewalls
• Intrusion prevention system software

Without this level of protection, there is a high probability that your data will be compromised.

Accessing Company Data on Personal Devices

Along with the shift to work-from-home, more and more employees are using personal devices—including cell phones, laptops, and tablets—to access company data. 

And companies are not only allowing their employees to use those devices for work, they’re relying on it. A report by Samsung and Oxford Economics noted that almost 80% of IT executives said their employees can’t effectively do their jobs without a cell phone, and 75% said mobile devices are essential to workflows.

However, in another study by the Ponemon Institute:

• 67% of respondents reported that the use of personal devices by remote workers has had a negative impact on their company’s security, and 
• 55% said smartphones are their organization’s most vulnerable endpoint

Even so, few companies are taking measures to address this security lapse or to fully understand the extent of the problem. Despite increasing amounts of sensitive data being stored on employee mobile devices, corporate security practices are not keeping up.

While the use of personal devices can add a level of convenience and mobility to your work, it can also seriously hinder your company’s security (and that of your employees):

• Company-owned devices have additional layers of security designed to stop cybercriminals. Personal devices don’t have the same level of security, and are much more vulnerable to risks like viruses and hackers.
• Without that level of security, lost or broken personal devices can also leave your data vulnerable, as can obsolete devices that are not properly disposed of.
• Staying up to date with the latest software versions is vital to maintaining security on computers, cell phones, and other devices. It is very difficult to monitor if employees are regularly updating software on personal devices or to enforce any company requirements to keep them updated.

Increased Internet Data Sharing

When employees communicate digitally at the office, that communication is typically protected by secure communication infrastructure and often takes place over an interoffice network. 

Remote work communication, on the other hand, is dependent on the internet. 

This poses a huge risk, as home and public internet connections are not as secure as interoffice intranets are. This leaves a big gap that bad actors can exploit to gain access to your data.

To guard against this security vulnerability, opt for a more secure approach to the digital sharing of important company information, such as using a VPN or other secure application for sharing files and sending emails.

Phishing Scams

Enterprise-level data breaches have spiked over the past two years, most commonly the result of phishing scams. 

A phishing scam is a type of online scam that targets consumers through emails that appear to be from well-known sources (banks, mortgage companies, etc). These emails ask the consumer to provide personal identifying information, which a scammer then uses to open new accounts or take over the consumer’s existing accounts. 

Today’s phishing emails are becoming increasingly sophisticated and difficult for employees to detect, especially when they make it past spam filters. If they fall for these emails, employees can inadvertently give cybercriminals access to your company’s network as well as both personal and professional data.

You can learn more about recognizing and avoiding phishing scams in this article posted by the FTC.

Steps To Address Security Gaps  

Consider implementing the following to help your company address vulnerabilities and keep your data secure:

1. Require employees to use only company-owned devices, both at the office and at home.
2. Make sure each device is equipped with the necessary security controls as well as privacy- and identity-protection software.
3. Use secure VPNs to reduce cyber risks for remote workers.
4. Implement basic security practice training for employees. Include instruction on how to protect their devices, how to create and use secure passwords, how often to change passwords, and so on.
5. Create a disaster recovery and business continuity plan in case of a data breach or other cybersecurity event.
6. Add cybersecurity liability insurance to your insurance package.
7. Add identity and credit protection for both personal and professional data with Securus’ Extended Partner Program — cover company data AND offer personal data protection as an employee benefit to help everyone better combat threats.

Take a proactive approach to protecting your most valuable asset — your data — with help from Securus. Contact us at +1 (877) 833-9041 or info@securusid.com

to learn more about our Extended Partner Program and other ways we can help keep your sensitive data safe.