By Sarah A. Lynn, Partner-in-Charge, IT Security Advisory
The COVID-19 pandemic has fundamentally changed the way people work. Millions of employees have been able to stay productive while working from home during the lockdowns thanks to remote collaboration technologies. Very quickly, virtual meetings became ever-present, and people could connect with their managers or give presentations from any location with internet access. As the vaccine rollout continues to make significant progress, however, many companies may need to review their telecommuting policies and re-evaluate their needs for large amounts of office space.
Even though working from home has been key to business continuity over the last 15 months, it has also opened up some potentially major security issues for companies. In an office setting, there are multiple ways to secure data, including firewalls and physical security measures such as badges, doors, locks and keys. However, remote employees could be working from their homes, their cars, or at a local coffee shop. They have laptops, mobile phones, tablets and smartwatches — all of which communicate with each other and could use several different services (Wi-Fi, Bluetooth, cellular data).
Being outside a secure office makes these employees, and their data, vulnerable to data leaks and hacks. Even something like a chat or text message could contain confidential information. This is why robust data security is vital for any company. Data breaches that compromise customer or employee data are costly, averaging over $3.9 million in 2020. They not only hurt a company's reputation and bottom line, but can also result in the theft of proprietary information or intellectual property. All professional services providers, whether they are lawyers, architects, engineers, financial advisors or even CPA firms, need to be vigilant about protecting their data.
Professional services business leaders must recognize this issue and take measures to educate their work associates. With that in mind, here are some practical ways to help secure access to data and mitigate the damage in the event of a breach.
Encryption Is Your Friend
You may have outfitted all of your employees with laptops and a secure virtual private network
(VPN). This might be enough protection when they use their device on a secure home network. But what if they are traveling or decide to work in a cafe? Many hotels, airports and cafes offer free Wi-Fi, but these unsecured networks allow hackers to gain access to data that is supposed to be secure. A VPN may protect outbound data, but it still leaves the laptop or tablet vulnerable. Encrypting the device itself will make it much harder for criminals to access the data.
Encryption can also help protect a device if it is physically stolen. Unattended computers, tablets or mobile phones are tempting targets for thieves. With the device in their possession, the thief could have a treasure trove of confidential information they can sell or use to scam your customers. If a device is encrypted, the data is safe, and you only lose the device.
Turn Off Services
Mobile devices are designed to make communication easy. This is a double-edged sword, however, unless there are security protections in place. For example, virtually all mobile devices have Bluetooth, and a growing number can be used as internet hotspots or have radio frequency identification (RFID) technology built right in. If these services are turned on, a hacker could potentially compromise the device. While these services are beneficial, they do not need to be active 24/7. All employees should be instructed to turn them off until they are needed, especially while traveling.
Make Sure to Back Up Your Data
With millions of Americans telecommuting, 10s of millions of laptops and other devices are floating around filled with potentially sensitive data. This creates a greater chance that data could be lost if a device is lost, stolen or damaged. Employees must back up their devices daily so the information will remain accessible if there is a catastrophic failure. Moreover, it is vital that employees restrict backup solely to company-approved destinations (cloud, server, encrypted hard drive). If they make a backup to another location, it exposes their organizations to a potential data breach they have no control over.
A few decades ago, it was unthinkable for an employee to have access to secure server from his or her home, or for them to be a potential target for hackers. Professional services business leaders must adapt their security policies to the time. Even with just these three relatively simple steps, companies can significantly reduce the chances of being subject to a costly data breach or cybercrime incident.
BPM Wherever You Need Us
With offices across the West Coast, from Orange County all the way to Bellevue, Washington, BPM has the deep, regional knowledge your business needs to succeed. From tax preparation and financial statements audits, to business and HR consulting, to outsourced IT and cybersecurity advisory, BPM’s skilled professionals have you covered.
For skillful, professional, up-to-the-minute outsourced IT security services, turn to BPM’s IT Security Advisory practice. Our innovative security operations center-as-a-service (SOCaaS) offering monitors your information security network 24/7, 365 days a year, allowing you to offload a major burden from your in-house IT team. Moreover, with the volume and laser-focus of our business, we are able to provide customers with truly world-class SOCaaS at a competitive price. To learn more about how BPM can help protect your professional services firm from cyber threats, contact Sarah A. Lynn, Partner-in-Charge of our IT Security Advisory Practice, today.