Data Security Is Indispensable For Nurturing A Distributed Workforce

Perfecting your risk mitigation strategy

According to Microsoft’s 2022 Work Trend Index, more than half (52%) of employees surveyed are considering going hybrid or remote in the next year. In this new normal, flexibility is proving essential, and remote work, to some degree, is here to stay. With remote and hybrid working arrangements rising in popularity — completely revolutionizing global talent acquisition and onboarding processes — privacy and cybersecurity threats remain a significant concern for many businesses and HR leaders.
 

Factors contributing to this risk include employees using both personal and work-issued devices for work-related tasks, which may unintentionally expose sensitive company data. And, for that matter, security is no longer just a CISO or IT concern but rather a risk that impacts the whole organization and its reputation, requiring active participation from all employees across the business, starting foremost with Human Resources.

A Remote Workforce: Personal vs. Work-Issued Devices

The pandemic, supply chain disruptions, and chip shortages have forced organizations to rely on their employees’ personal devices to fulfill their tasks. With the increased use of personal and work-issued devices, an organization's privacy and security posture is being contested. And as a result, organizations lack visibility into employees’ home networks, increasing vulnerability within the organization.

According to a Beyond Identity study, nearly half (49.6%) of survey respondents only used work-issued devices, while 39.1% used both personal and work-issued devices. For that reason, a considerable amount of corporate data is likely being distributed across personal devices.

In April, a study conducted by Sophos reported that 66% of organizations surveyed were hit by a ransomware attack in 2021, up from 37% the prior year. With a distributed workforce, organizations — now, more than ever — must be proactive in ensuring their most significant asset is protected. From a hiring perspective, companies acquiring global talent must adapt and mitigate the risks accompanying candidates and employees dispersed worldwide.

Since no organization is exempt from these threats, now is the time for HR and business leaders to determine HR’s role in improving security within the organization. While larger organizations often rely on software solutions, smaller businesses may struggle to break through the veil of personal ownership.

Business Awareness is Key

According to Ground Labs research, 70% of professionals surveyed believe their organization does not know where all of its data is stored. In April alone, the U.S. Bureau of Labor Statistics reported that some 4.4 million Americans resigned. Some employees take data with them when they leave, whether they intend to or not, which is an added risk given today’s security threat landscape. With a deeper understanding of where data lives, how it is being secured, and who has access to it, HR and business leaders can work closely with IT and security professionals to remediate and protect data. This collaboration can ultimately eliminate this increased risk.

Correspondingly, with emerging regulations, security is not the only concern for understanding where data is stored — compliance is paramount too. As companies continue to navigate the complexities of the landscape, such as complying with GDPR, HIPAA or CCPA, they must first understand what personal data they are holding. That includes knowing the location, amount, and types of information collected, such as the country or jurisdiction of the data subjects. Data awareness helps the company distinguish the value of its assets and develop a comprehensive security strategy.

Perfecting Your Risk Mitigation Strategy

A holistic approach is one of the most effective avenues to achieving compliance. Unless your organization is sharing customer data with a third party, your employees are often the only people with access to your company's crown jewels repository of customer data.

HR teams can reinforce the importance of employees' active participation in minimizing cyber risks by providing training across departments on proper handling and storage practices. This practice could help instill a strong sense of high alert when working with files and other data sources that contain individuals' personal and private details. These individuals, whether they’re customers, contestants, employees or other private citizens, have entrusted the organization they handed their details to. They expect that such information will be kept private and secure.

To fulfill this requirement and expectation, businesses should consider hiring a data protection officer (DPO) or a similar role. Assigning a well-informed and competent professional responsible for data privacy and security oversight will equip your organization with another level of assurance that data safeguards are being implemented and overseen as an ongoing process.

Likewise, to further help the organization remove unnecessary risks and achieve greater visibility and awareness, consider how non-technology groups across the organization, such as Human Resources and Marketing, can work together. These departments can be influential in detecting and removing unnecessary personal data such as aging ex-employee files, old customer service case logs, and out-of-date marketing prospect lists.

Without these critical steps, any subsequent action decision will be based on the assumption of where data is, leading to considerable risks being overlooked or ignored. At the same time, remember that you can protect the organization while instilling confidence in your employee's ability to safely make data-driven decisions in their role.

As businesses continue to inch closer to post-pandemic recovery and adjust to an ongoing distributed workforce, prioritizing data security, compliance and privacy are fundamentally expected and no longer reserved for large organizations with dedicated security teams. Any organization of any size that collects and handles any form of personal data will need to prioritize this objective to mitigate privacy and security risks.

Author Bio

Ground Labs’ Co-Founder and Chief Evangelist, Stephen Cavey leads a global team empowering enterprise organizations to discover, manage and secure sensitive data. He has deep security domain expertise with a focus on electronic payments and data security compliance. Visit Ground Labs Connect Stephen Cavey