Remote Work, Data Protection and Compliance during the COVID-19 Crisis
With the COVID-19 virus now officially declared a pandemic by the World Health Organization, companies around the world have encouraged their employees to work from home to protect their health and support government measures aimed at curbing the spread of the virus. However, while many organizations have long been exploring the possibilities offered by remote work, few have allowed all their employees to work from home at the same time for extended periods.
The new reality imposed by the current health crisis means many companies’ entire workforce will be working remotely under lockdown measures for weeks, with the possibility that the situation will extend months further into spring and early summer.
Some organizations have been more prepared than others for this eventuality and have long had emergency and business continuity plans in place. Many others, though, have hastily put together a work-from-home plan which, while meant to ensure that employees can continue to perform their duties for the duration of the crisis, often fails to consider two vital points: data protection and the risk of noncompliance with data protection legislation.
Protecting data while working remotely
Many data protection strategies focus on company networks and are therefore restricted to office perimeters. This means that all the devices being taken out of the office for remote work will lose most of their protection and compliance policies once they are out of the workplace.
One way of ensuring data protection policies remain in place even when employees work remotely is to apply them on the endpoint, meaning that data protection software is installed directly on the devices rather than at network level. In this way, policies will stay active no matter where the devices are located. This is ideal, especially for companies that have had no time to configure a Virtual Private Network (VPN) and whose employees will have to use their own private WiFi networks to connect to the internet.
Encryption is also an essential part of secure remote work, ensuring that, if devices are stolen or forgotten while outside the office, anyone getting ahold of them cannot access any data on them. Many computers come with native encryption tools, and companies are strongly encouraged to request that their employees use them.
Home office compliance
Given the state of emergency, compliance has taken a back seat to considerations surrounding employees’ wellbeing and the need to continue business operations remotely. This instinct to overlook data protection as negligible in case of extreme circumstances goes against one of the fundamental principles of the new wave of data protection legislation spearheaded by the EU’s General Data Protection Regulation (GDPR): data protection by design and by default. It means that data protection is no longer an afterthought that companies can choose to incorporate in their strategies depending on a given situation, but needs to be one of the foundations of business operations.
Working remotely, especially for organizations with no solid remote work plans in place, will mean that data will become more vulnerable. Malicious outsiders are likely to take advantage of the chaos, leading to an increase in external attacks. Employees, freed from the restrictive policies of company networks, may also slacken their security practices and endanger the data they take home with them.
Tools like Data Loss Prevention (DLP) solutions applied at the endpoint level can support remote compliance because they focus on the special categories of data protected by data protection legislation rather than on the devices the data is stored on. By applying policies directly to sensitive data, DLP tools help companies monitor and control the transfer and use of personal information remotely, ensuring that it is not sent outside the company or uploaded to unauthorized third-party services.
How Endpoint Protector can help
Companies often mistakenly believe that the implementation of DLP solutions is a long and complicated process and cannot be applied on short notice in case of urgent need. This could not be further from the truth.
Endpoint Protector can be deployed remotely in 30 minutes or less and requires only an internet connection to install. User-friendliness has always been at the top of our priorities, which means our solution can also be easily run by both technical and non-technical personnel.
Endpoint Protector has been a cross-platform solution since it was first developed and is one of the few DLP solutions on the market to offer feature parity for Windows, macOS, and Linux. Organizations can, therefore, get the same features and level of protection for a computer regardless of the operating system it’s running on.
With predefined policies for data protection legislation such as GDPR and HIPAA that can be applied to both data at rest and in motion, Endpoint Protector helps support home office compliance. Our solution ensures that, in these times of crisis, companies keep their data secure and stay clear of data breaches and any potential fines from data protection authorities around the globe.
Frequently Asked Questions
Remote work comes with a number of challenges to data protection, including an increased likelihood of external attacks as well as a higher risk of insider threats. Here are some tips to ensure that sensitive data stays safe while employees are working remotely:
- Adopt new solutions (such as video conferencing tools, messaging applications, and document sharing services) before your employees do
- Apply encryption to effectively secure data at rest on devices and ensure that if a device is lost or stolen, the data on it will not be accessible to third parties
- Use Virtual Private Networks (VPNs) for remote network access
- Apply device control policies that limit or block the use of USB and peripheral ports
- Ensure data protection policies remain active offline
Endpoint compliance technology enables organizations to ensure compliance with regulatory frameworks such as the GDPR, CCPA, HIPAA, or PCI DSS by discovering, monitoring, and protecting sensitive data stored on endpoints. Endpoint compliance scanners help companies to stay in control of their compliance responsibilities by scanning data at rest stored on endpoints and offering remediation actions.
By implementing an endpoint Data Loss Prevention (DLP) solution, organizations can protect sensitive data regardless of an endpoint’s physical location. Such solutions are deployed on each endpoint, providing content discovery, preventing data leakage through storage devices as well as safeguarding data when a device is outside the corporate network.
Shifting to remote work involves sensitive data leaving company premises and data stored on endpoints becoming vulnerable to leakage and theft. Endpoint Protector DLP allows organizations to apply security policies on the endpoint, thus protecting sensitive data whether a computer is connected to the company network or outside it. Our solution can also ensure that compliance efforts with legislation such as PCI DSS carry on uninterrupted by offering predefined policies. The Outside Network and Outside Hours policies allow companies to set different monitoring and control policies when a computer is taken outside the company network or used outside of regular working hours. Endpoint Protector policies remain active whether a company computer is online or offline, which means sensitive data is controlled and monitored at all times, and logging continues as usual.