Since the pandemic, the rise of remote working has seen employees enjoy a better work/life balance and the freedom to work from wherever they want. 

But while companies have reaped the benefits of reduced overheads, remote working has raised the issue of new cybersecurity threats that could wreak havoc on their businesses.

As data breaches continue to rise, with 41.9 million records compromised globally in March 2023 alone, it’s imperative that security teams are prepared for remote working and the new threats it can bring.

‍What are the risks of DLP (Data Loss Prevention) for remote working? 

Working from home, without the camaraderie of the office, employees may find themselves working in silos. It’s easy enough to let everyone know about a potential phishing attack when everyone is in one place, but by the time you can get the right communications out to people who are working alone, it may be too late. 

Security teams also may not have full visibility over how employees are using sensitive data, where it’s being stored, and whether the data is being deleted after use. This lack of control over sensitive data can result in confidential information sprawled across plenty of SaaS apps like Slack, Google Drive, and Jira.

‍How can these risks impact a business?‍

Without true visibility over your sensitive data, businesses are more at risk of data being leaked or breached. For instance, if a hacker got into one employee’s Google Workspace account, they may find a treasure trove of data that they can hold to ransom or sell on to others. 

It’s far too easy for data to get into the wrong hands if employees aren’t fully aware of security policies, and get into bad habits when it comes to handling sensitive information. 

Sheree Lim, Head of Product at Metomic, says, “In 2023, organisations should be moving away from securing the perimeter, and instead focusing on their data. As data becomes a currency in itself, companies should be lining up a data-centric approach that helps them understand where data lives and how it’s stored. Not only can it help them comply with regulations, it will also enhance their ability to detect and respond to threats effectively."

Office working v remote: What are the unique challenges? 

Security teams will face a multitude of challenges when it comes to remote working, such as: 

1. A lack of control over devices 

Whereas company laptops were once handed out in the office, perfectly prepped by the security team beforehand, more employees are now using their own personal devices or having devices delivered directly to them. Without the correct software installed, security teams must rely on employees to put their own safeguards in place - no easy challenge. 

As people work from their own homes using their own wi-fi connections, the safety net of the company’s firewall has also been removed, exposing them to risks they otherwise wouldn’t have had to face. 

2. Employees falling victim to phishing attacks 

Without the regular contact of security professionals and colleagues who can help verify whether something is legitimate or not, it can be easier for employees to be tricked into sharing sensitive data or downloading malware. 

Security teams will have to work hard to ensure their employees correctly identify a phishing scam and won’t automatically assume it’s their real boss asking for personal information. 

3) Difficulty monitoring remote workers 

Unless you have the right capabilities in place, it can be hard to monitor what employees are doing and whether they’re following protocol. For example, are they putting off essential updates that you could walk them through if you were in the office together? 

Remote workers will need to be trusted to follow security procedures correctly. 

4) More cloud-based data 

Unsecured cloud services can be a sitting duck for data breaches. With lots of different devices accessing the same information via lots of different devices, it can be all too easy to allow someone to access your cloud-based data by accident. 

It’s key for security professionals to have the right authentication processes in place to keep bad actors out of the equation.

5) Man in the middle attacks 

Data intercepted between your employee’s device and the company network could be precious gold for a hacker. Man in the middle attacks could be made easier by remote working, especially if your employees are relying on unsecured connections to complete their work. 

6) Unauthorised downloads

Without a security team in the office to monitor what people are downloading, employees could be using unauthorised programs that pose a risk to the business. It’s easy and free to download so many different apps nowadays and security teams will need to be on the lookout for those that go against their policies. 

7) Employees leaving their devices open in public places

Remote working may not mean working from home. Your employees could be working from coffee shops, co-working spaces, or anywhere else they can get a wi-fi connection. The issue you may have here revolves more around privacy. 

Are your employees leaving their laptops unattended to go and grab a coffee or are they having private discussions in a public space? You should let them know what the company expects from a privacy and security perspective when they’re working away from home or the office. 

How can security teams ensure security is being adhered to and managed effectively? 

There are a few ways security teams can ensure their employees are adhering to their policies: 

Create a comprehensive DLP policy

Devising a DLP policy that outlines the tools to be used and procedures you’ll have in place to protect your data means you can get everyone on the same page. For instance, outline your retention policies and whether you have automatic redactions in place so employees know what to expect. 

You should also provide resources that outline the policy clearly so employees can find the information they’re looking for quickly and easily. 

Provide regular security awareness training 

Annual security awareness training isn’t enough to give employees a good idea of what they should be doing to secure their sensitive data. 

Instead, try continuous training (such as real-time employee notifications) that help them see security policies in action, and in the context of their role. 

Use VPNs to secure your connection 

Rather than run the risk of data being transmitted via unsecured networks, use VPNs (Virtual Private Networks) to secure your data by encrypting it while it’s in transmission. Having these in place will add an extra layer of security when it comes to your employees working from home. 

Make MFA (Multi Factor Authentication) compulsory

Multi Factor Authentication means you’re not just relying on passwords when it comes to logging in, making it more difficult for hackers to get in and see your sensitive data. 

If it’s not already compulsory in your business, it’s a good idea to put this in place so that if your employees are using weak passwords, you can have peace of mind knowing there’s an additional layer of security to get through. 

Speaking of weak passwords…

Use password managers 

65% of employees ‘just remember’ their password, showing that the password is likely something they’ve used across multiple platforms and is easy to recall. These passwords are typically weak as they are shorter and using real words. After all, who’s going to remember a random 16 character string of figures and numbers off the top of their heads?

Password managers can help encourage good habits, storing complex and unique passwords for many different platforms. 

Where to get started with DLP for remote working 

You should look for a great DLP tool like Metomic that suits your needs and business. With real-time employee notifications, automatic redactions and retention policies, as well as full visibility over your SaaS stack, Metomic can help you detect and protect your most sensitive data. 

To see the impact Metomic can have in your workspace, take a look at our recent case study with TravelPerk. 

‍