Challenging Times Is Not An Excuse For Poor Security
The benefits of working from home should out way the negatives (they certainly do in my personal circumstances), and many of us are now adopting this style of working, but at what cost and what are companies doing about it from an IT Security perspective? Part of ensuring all of us here at 3B Data Security can work effectively is making sure we all have access to what we need whilst maintaining robust IT security. The very nature of our business makes it all the more pertinent, and of course, we should lead by example and practice what we preach.
However, why are other companies not stepping up when it comes to security, are they even 'aware' of what the risks are? Are employers and employees aware of the serious implications if a homeworker fell victim to a system compromise resulting in company and client data being exposed? How many employees are handling PII and financial data from home on a daily basis, and how many have an insecure home network? How many employees are local admins on their machines and storing sensitive data on that machine at home. Worse still, are they allowing other family members the use of those machines, ultimately for non-business purposes?
There are many solutions that companies can adopt quite easily without a high cost, proper device management, VPN and MFA being the most common. But it does worry me that an astonishing number of companies were already floundering when it comes to IT security even before COVID-19 happened and we ended up in the world we are in today. Have they used a risk management process to identify and assess the new potential risks associated with working from home?
Yes, individuals should consider the IT security risks when working from home and not be irresponsible (i.e. allowing children to use corporate assets). However, it is the company's responsibility for proper implementation of security requirements, providing their staff with meaningful security awareness training, and should be improving or adding new security controls in order to safeguard their IT systems, which in turn helps protect data, staff and customers.
On top of this, companies may not be aware they could be falling outside of PCI DSS compliance.
With a wide range of services and a wealth of IT security and cybersecurity experience, 3B Data Security can assist companies in remedying security shortfalls and mitigating risks to an acceptable level.