The mass exodus of employees from traditional offices in the wake of the COVID-19 pandemic and the growing ease with which information can be moved and shared have made one thing clear: Businesses are facing a risk-filled new frontier when it comes to their data security.
The rapid shift to telework has only expanded the size and complexity of that risk, increasing the scope of internal and external threats, and challenging the effectiveness of current data security measures. Unsuspecting businesses face breaches that may damage their brands and rob them of revenue and intellectual property.
Internal controls have long been the gold standard to help businesses identify, assess, and manage risks. Increasingly, organizations have made the shift to include proactive monitoring of their transactional data to identify fraud, waste, and abuse. However, in the post-COVID new frontier, the universe of data is so much broader that simply monitoring transactional data may not be enough.
Hackers and cyber-criminals tend to grab the biggest headlines, but less obvious threats can be equally dangerous. While trusted employees are moving, sharing, and exposing corporate data just to do their jobs, a malicious employee may be taking confidential information for personal gain or other nefarious reasons.
A strategy to proactively monitor unstructured data such as email, voicemail, internet logs, text messages, social media, blogs, documents, presentations, websites, and online customer reviews can help companies identify and manage emerging risks before they become major crises requiring a forensic investigation.
Implement a New Strategy to Reduce Risk
Developing and implementing new strategies to monitor a broader array of internal and external data may sound complex – and even a bit intrusive. Yet, if managed correctly, the new strategies will help protect sensitive data and preserve profits. A multi-pronged approach is recommended:
- Educate employees. Employee training and awareness are critical. Many employees are not even aware that they are putting their employers at risk by moving or sharing company information across multiple media. Others simply do not believe that taking confidential company information is wrong. Create and enforce policies detailing the do’s and don’ts of information use and provide regular security awareness training. Make sure employees are aware that policy violations will affect their jobs.
- Establish policies on confidentiality and privacy. Make sure that policies are in place that define an employee’s expectation of privacy and your company’s right to monitor activity conducted on the company’s premises, equipment, and networks. Policies should also cover the use of personal devices for company business.
- Use and enforce non-disclosure agreements. Employment agreements should include specific language regarding the use of confidential company information and the employee’s responsibility to safeguard such information. Conduct exit interviews with departing employees that include a review of their non-disclosure agreement. Be sure to collect all company-owned computers, tablets, phones, and electronic storage devices.
- Implement monitoring technology. Leverage technology to gain insight into where information is going and how it is leaving the company. Implement monitoring technology to notify management when sensitive information is sent, copied, shared, or otherwise exposed. Inbound information is equally relevant, as some downloads could leave the network vulnerable or accessible to the outside. Proactively monitor unstructured data where timing and information flow generate risk – for example, the departure of key employees, new product development, shifts in corporate strategy, or other major announcements.
The U.S. Cybersecurity and Infrastructure Security Agency recently issued a warning to businesses that fraudsters are focusing on virtual private networks (VPNs) and increasing phishing emails to teleworkers to steal usernames and passwords. “As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” the agency said.
The threats are real. To remain safe in this new data security frontier, businesses must recognize the emerging challenges they face, review their protocols, and take action quickly to help prevent potentially devastating internal and external breaches.