Part 3 – Managing DLP Processes with a Remote and Hybrid Workforce
Since the outbreak of COVID-19 in 2019/2020, the way we work has changed. Before, working from home was the exception, with organisations citing challenges in managing a remote workforce, maintaining security, and dealing with limited remote network connectivity. Then, almost overnight, businesses instructed their workforce to work from home, and the challenges of supporting a remote workforce seemingly disappeared. Today, businesses have varying opinions on whether their workforce should return to the office full-time or embrace hybrid working models, weighing the benefits of cost savings and employee satisfaction against potential security and productivity concerns.
The challenges, though, still remain, as users still maintain business laptops and mobile devices. It’s been interesting to see how businesses have addressed the challenges of supporting a mobile workforce while keeping security under control. Some organisations have taken the virtual desktop route for remote access, while others have looked to put additional security products on the remote device that prevent data from being exported.
During our client Security and DLP projects, we’ve consistently observed clients confidently explain that they’ve switched off USBs on laptops but overlook the fact that a home network still provides access to network-attached storage devices, the internet, and the ability to migrate data off the laptop if the device doesn’t have suitable endpoint security to protect the organisation’s data.
Common Pitfalls and Misconceptions
There are several strategies organisations often try when implementing DLP, but they come with their own set of challenges:
- Restricting access on ‘non-core’ platforms: While limiting access to sensitive data on tablets and phones might seem like a DLP solution, it can frustrate employees who rely on these devices for work.
- Relying solely on access control systems: Access controls are important for DLP, but they don’t prevent data theft by insiders.
- Assuming standard security packages are sufficient: Built-in security features on laptops and PCs offer some protection, but they’re not designed to comprehensively address data loss within a DLP framework.
- Ignoring data management at the source: A key part of DLP is identifying and managing sensitive data from its creation point, preventing unauthorised movement within the organisation.
Solutions for a Hybrid Workforce
Every organisation’s Data Loss Prevention Policy must account for the mobile workforce and, as such, solutions must account for all occurrences of data movement. Solutions must be identified and implemented that account for users’ hybrid working, providing a platform to work while also protecting data that may be loaded on mobile devices.
To effectively address the challenges of a hybrid workforce, organisations need a multi-faceted DLP strategy.
Here are some key solutions to consider:
- Endpoint DLP Solutions: These provide granular controls over data movement on endpoint devices, allowing you to monitor, block, or encrypt sensitive data based on your policies.
- Cloud Access Security Brokers (CASBs): CASBs give you visibility into and control over your organisation’s data in cloud applications, ensuring that data remains secure even when accessed remotely.
- User and Entity Behaviour Analytics (UEBA): UEBA solutions use machine learning to detect unusual or potentially risky user behaviour, alerting you to potential data breaches before they occur.
- Data Encryption: Encrypting sensitive data both at rest and in transit adds an extra layer of protection, making it unreadable to unauthorised parties.
By implementing a combination of these solutions and tailoring them to your organisation’s specific needs, you can effectively manage the flow of data and protect sensitive information in a remote or hybrid work environment.
Stay tuned for our next blog post in this series, where we’ll dive deeper into why DLP is more than just an IT project and how to ensure business buy-in for long-term success.
