Remote Work and Data Security

There are a many concerns raised from a data security perspective that remote work brings for many organizations. In this post, we discuss working from home and what it means for data privacy and security. 

Working From Home: The Good, The Bad, The Ugly

“These unprecedented times” became the catchphrase of 2020. While 2020 came with its challenges, the silver lining for many was the new found freedom of working from home--less money spent on gas, dry cleaning, more sweatpants and less cubicle times. All joking aside, from a productivity standpoint, many large companies such as Spotify and Twitter have almost gone to an exclusively remote workforce. And while we have not seen the long term ramifications of this remote workforce on a company’s culture and other intangibles, there are a many concerns raised from a data security perspective that remote work brings for large and small companies alike. Below, we will discuss the good, the bad, and the ugly of working from home and what it means for data privacy and security. 

The Good

Right off the bat, let’s get some major benefits out of the way. The average American commutes just under 30 minutes to work one way. There’s an hour back in your day, so snooze that alarm or get that workout in. The cost benefits of working from home speak for themselves as well. Lunch goes from $20, to plus or minus $5 and you’re saving at least a tank of gas a week, not to mention car insurance companies will often give you a low mileage discount for spending less time on the road. So not only are you getting a few more rotations of your sweatpants in, you’re essentially getting a little raise. Lastly, working from home allows for more time spent with loved ones. This includes that puppy you may or may not have adopted during quarantine. All in all, working from home for many is a nice change of pace from the monotony of office life.

The Bad

On the other hand, working from home can be a bit isolating. If you live alone, heading into the office might have been some only social interactions you were having. Depending on your living situation, working from home could have added more stress rather than eliminating it. Remote work eliminates those water cooler conversations and bumps into that friend as you both grab your mid-afternoon coffee to push through the day. There is a certain level of comradery that comes with working in office. Whether its a shared suffering of working in the trenches together or the long nights spent grinding out the hit a deadline, working in-office allows for deeper connections and relationships that simply can’t happen in a remote setting.

The Ugly

While overall, remote working has shown a lot of positive benefits to business and individuals alike, this remote shift has had some ramifications for data security that aren’t positive at all. One key difference in working from home is the network you are connecting to. Offices and healthcare facilities will typically have much greater data security measures in place from a network perspective. Lower security levels creates room for opportunistic hackers to make their way into your PHI and PII. While this is a real issue, most of the data breaches are going to be from employees mishandling information or just being careless in the way they are using company resources. Sure, working from Starbucks might be nice, but hopping on their wifi, let alone sitting in a public space for all to see your computer screen clearly adds a level of risk especially compared to sitting at your desk in a secured building on a secured network.

The Solutions

A VPN is very beneficial to keeping unwanted eyes away from sensitive information. A VPN or Virtual Private Network is used to encrypt your internet traffic. This is especially helpful when working from home and especially when working from public spaces as it gives an added level of security. You log onto a VPN in a similar manner to how you log into any other account, but a company can have their own unique VPN that everyone connects to. Once connected team members can see and share data within the comfort of the protected VPN. 

Another great advantage of a VPN is that it can be accessed from anywhere with an internet connection. Whether you’re sitting at a Starbucks or on your couch, you can still have the added protection and security that utilizing a VPN brings. Overall, a company VPN would be a good step in the right direction for data security measures for a company looking to mitigate any of the risks of working from home. 

Once a VPN in use, another great addition to the data security tool belt would be a Data Loss Prevention Software of DLP. DLP’s are softwares that detect potential data breaches by detecting, monitoring, and blocking sensitive data such as PHI or PII while at rest (being stored) or in motion (being sent or received). DLPs create rules for how data can be transmitted within the network. They can also be used to prevent someone from copying data or taking it outside of the network. This prevents the use of flash drives or other devices to make unauthorized copies of information meant only for the eyes of people with access to the network. While DLP’s have been utilized far before the influx of this remote workforce, they are still a great still that is being adapted to meet the needs of the new challenges facing our digital landscape. 

DLP’s are great for fending off attackers, but they are not a replacement for robust employee training on data security and best practices. Things like strong passwords, closing your computer when you leave your desk, and automatic shutdown after a certain period of inactivity are all good practices to introduce into the work from home environment. Utilizing best practices like these will allow your team to keep security at the forefront of their mind. Being aware of phishing scams and ransomware practices is a necessary part of making work from home a long term reality. While training like these aren’t always the most exciting uses of a Monday morning meeting, they are a necessary evil given what is at stake. As cited in previous blogs, the average cost of a data breach in America was around 3.5 million dollars (USD) according to a 2020 study. So while, a data security training might seem like the last thing you want to invest time and resources into, it could quite possibly save you and your company millions.

Ultimately, as technology advances we are faced with challenges that we have never faced and met with problems we don't necessarily have an existing solution too. While at face value working from home might seem like a great alternative for many, there are always going to be unintended consequences we need to be aware of.


Need HIPAA help?

Accountable can help you achieve HIPAA compliance for your company.

Schedule a Call

More Articles