By Allen Drennan, Co-Founder & Principal, Cordoniq
Addressing the security challenges associated with remote work is critical for today’s Chief Information Security Officers (CISOs). Along with data breaches and ransomware attacks, another top concern is whether company or customer data or other sensitive information is being shared via remote work environments.
Data theft is climbing rapidly. A recent report from the Identity Theft Resource Center shows that 2023 is on pace to set a record for the number of data compromises in a year, passing the all-time high of 1,862 compromises in 2021. Also, IBM reports that the average cost of a data breach in 2023 is $4.45 million, a 15% increase over 3 years.
Tools that make remote work easier have increased data breach risks. The significant increase in devices and networks has also expanded attack surfaces. Data storage, including information collected and stored by various cloud applications, adds even more uncertainty.
Meanwhile, heightened cybersecurity regulations are making it more imperative to protect data in order to meet strict compliance regulations such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Digital Operational Resilience Act (DORA), Sarbanes-Oxley (SOX), or California Consumer Privacy Act (CCPA).
Data encryption is a critical part of securing data. However, the type of encryption may vary depending on the software application. It’s crucial to understand how your data is being protected in different instances.
Data Collection and Storage Concerns
Data collection and storage is more complex now than ever before. For instance, data is used and stored in various locations, including devices, the cloud, in databases, on premises, and in data centers. Meanwhile, data is categorized by three different states (data at rest, data in motion, and data in use) that can change quickly depending on how it’s being used or accessed. Comprehensive data security strategies must address all of these instances.
The widespread use of third-party cloud and SaaS applications adds another layer of complexity to many environments. Organizations must be aware of how data is protected by the third-party apps they’re using.
For example, applications do not always protect data in each state of use. Some off-the-shelf products for collaboration and communication indicate that they provide encrypted communications. However, in some cases, the application may only encrypt data in motion.
With some apps, data at rest may not be encrypted, and data stored in a third-party cloud may not be adequately protected. For instance, some video conferencing and collaboration tools do not provide full control of where data at rest is stored.
Many software products don’t offer encryption for all of their cloud services. As a result, data such as audio and video files or recordings, documents or other media could be at risk depending on how and where they’re stored. This can provide hackers the means to access customer data, company secrets, or other sensitive information.
Best Practices and Additional Safeguards for Third-Party Apps
Remote and hybrid work environments rely on a variety of third-party apps that provide employees and teams with the tools they need for an engaging and productive experience. But it’s critical for organizations to apply security strategies and additional safeguards to protect their information with third-party apps or SaaS tools.
Some additional security measures to implement for cloud-based applications include the following:
In addition, be sure to follow complete due diligence and best practices for vendor risk assessment when considering any third-party software. Every third-party software application should be reviewed by internal security teams to make sure it meets company standards. Organizations should consider software that is secure by design, meaning software with security built in and not added as an afterthought.
It’s also important to follow the software vendor’s recommended security and other software updates and monitor any other changes in the software vendor’s performance. Finally, be certain to understand how and where any software application is storing – and using – your data and information.
The post Best practices to protect data in remote work environments appeared first on Cybersecurity Insiders.