Why IT Shouldn’t Underestimate the Risks of Online Security


It’s no secret that COVID-19 has accelerated the risks of online behavior with a record number of employees around the world working remotely. John Donegan, Enterprise Analyst, ManageEngine believes that with the right methods, company leaders can mitigate risky behavior and ensure their data stays protected.

As we’ve recently seen, unsafe employee behavior can lead to serious corporate data breaches. In some instances, the behavior is particularly nefarious: this year, for example, two Shopify employees accessed and sold transactional records for over 100 customers. In other cases, the behavior is unwitting, as in the recent Twitter breach in which employees unknowingly provided hackers with access to prominent accounts.

Whether incidental or intentional, unsafe employee behavior can have devastating consequences: it can expose personal and company-wide information, put employees at risk, and tarnish company reputations. Unfortunately, COVID-19 has exacerbated the situation. While employees work from home, they visit potentially compromised websites, unknowingly divulge sensitive customer data, and access corporate data that should be off-limits to them.

We’re Seeing a Perfect Storm: Remote Work Fuels Risky Online Behavior

A recent study of remote workers’ online behavior has raised eyebrows. More employees than ever are working remotely, which is precarious given that so many of these employees’ activities are unsafe. Additionally, of the 1,500 study participants, a sizable portion (37%) said they had no restrictions on their corporate devices whatsoever. This is a recipe for disaster.

More and more workers are using their own devices to access corporate data and, to put it mildly, many of them are not behaving carefully online. According to the study, the majority of people (54%) said they would still visit a website after receiving a warning that the site was insecure. Perhaps even more concerning, only 19% of respondents said they’d never return to a website where their information had been stolen.

If employees are, indeed, using personal devices to access corporate data and accessing compromised websites while working from home, IT leaders are wise to be apprehensive. Nevertheless, there are some simple ways you can keep your employees safe as they work from home.  

Control Browser Plugins, Extensions, and Websites

Lock down your enterprise browser to ensure that your employees have access only to trusted business web applications. Also, to protect against cyberattacks, including viruses and ransomware, be sure to track browser usage trends among all of your employees.

Based on your business requirements, provide or revoke access to various web applications. Of course, this is a rather fluid process. As an example, someone may need access to a given dataset for a week or two for a project. However, at the conclusion of that project, that employee’s access should be rescinded. To that end, it’s important to take contractors, vendors, interns, and other third parties into consideration.

Additionally, be sure to automate all routine endpoint management tasks, such as installing patches, deploying software updates, and tracking software usage statistics. 

Enable Privileged Access for Those, and Only Those, Who Need to Access Sensitive Corporate Data

You can allow your employees to access your remote corporate systems through RDP and SSH sessions. That said, in general, make sure your users have just enough privileges to access the folders and applications that they need to do their respective work. In regard to third parties, be sure to only assign temporary, role-based access to those individuals.  

Assess Who Is Accessing Which Files and When

By creating a record of your employees’ baseline activity, you can more easily identify when an employee deviates from his or her regular behavior. For example, perhaps employees in Australia only access a given data set on a certain date or time. Your IT personnel could set up alerts to identify if these Australian employees deviate from their usual behavior, as this may be an indication your network has been compromised.  
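The baseline-and-alert idea above, as an added example that is not part of the original article: it learns the usual (weekday, hour) slots in which a group touches a dataset and labels new accesses against them. The log field names, the `au-finance` group, the dataset names, and the recurrence threshold are assumptions, and all log entries are constructed sample data.

```python
from collections import Counter
from datetime import datetime

MIN_SIGHTINGS = 2  # assumed threshold: a slot must recur before it counts as usual

def ev(user, group, dataset, ts):
    """Build one access-log record (hypothetical schema)."""
    return {"user": user, "group": group, "dataset": dataset, "ts": ts}

def slot(ts):
    """Reduce an ISO 8601 timestamp to (weekday, hour) in its own local offset."""
    t = datetime.fromisoformat(ts)
    return t.weekday(), t.hour  # Monday is 0

def build_baseline(history):
    """Map (group, dataset) to the set of slots seen at least MIN_SIGHTINGS times."""
    counts = Counter((e["group"], e["dataset"], slot(e["ts"])) for e in history)
    baseline = {}
    for (group, dataset, s), n in counts.items():
        if n >= MIN_SIGHTINGS:
            baseline.setdefault((group, dataset), set()).add(s)
    return baseline

def check(event, baseline):
    """Return 'ok', 'deviation', or 'no-baseline' for a new access event."""
    usual = baseline.get((event["group"], event["dataset"]))
    if usual is None:
        return "no-baseline"  # group has no established pattern for this dataset
    return "ok" if slot(event["ts"]) in usual else "deviation"

# Constructed history: payroll is read on Monday mornings, plus one stray access.
HISTORY = [
    ev("amy", "au-finance", "payroll", "2020-11-02T09:05:00+11:00"),
    ev("ben", "au-finance", "payroll", "2020-11-09T09:30:00+11:00"),
    ev("amy", "au-finance", "payroll", "2020-11-16T09:12:00+11:00"),
    ev("ben", "au-finance", "payroll", "2020-11-11T22:40:00+11:00"),
]
# Constructed new events to evaluate against the baseline.
NEW_EVENTS = [
    ev("amy", "au-finance", "payroll", "2020-11-23T09:15:00+11:00"),
    ev("ben", "au-finance", "payroll", "2020-11-21T03:40:00+11:00"),
    ev("ben", "au-finance", "payroll", "2020-11-18T22:05:00+11:00"),
    ev("amy", "au-finance", "customer-db", "2020-11-23T10:00:00+11:00"),
]

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for e in NEW_EVENTS:
        print(e["user"], e["dataset"], e["ts"], check(e, baseline))
```

The single late-night access in the history does not become part of the baseline, so a repeat of it is still flagged; raising `MIN_SIGHTINGS` trades fewer learned anomalies for more alerts.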

Conduct periodic audits to review who has access to particularly sensitive data at any given time. If you are wary of a particular user, consider utilizing privileged session monitoring to track, and perhaps terminate, that user’s active session.

Also, keep a record of any add-on browser components that could be capable of facilitating a security breach, track the overall browser health within your network, and generate reports of any computers that are not compliant with your security configurations.

Educate Your Employees

Lastly, be sure that your employees are aware of the importance of protecting user data. Training your workers can save your organization a lot of money in the long run. Also, don’t assume that your employees know the very basics. According to the aforementioned remote work online behavior study, 23% of all respondents did not know the meaning of the phrase, “Accept Cookies.”  

With so many people embracing BYOD (bring your own device) and remote work, it is vital that IT personnel are able to effectively secure their networks. Despite the rather precarious landscape, by performing the steps described above, you can rest assured that your sensitive corporate data will remain safe.
