The COVID-19 pandemic has proven to be an accelerator for the trend to work from home. Some organizations are transitioning back into offices but under a hybrid model, while others have found fully remote work seems to work for their team. Both methods greatly impact how we work, and more importantly, how we navigate data security.
What are the main challenges and questions that arise from using a partially or fully remote working model? Here are some common mistakes both leadership teams and fundraisers will want to avoid.
Sending work emails to or from your personal email
Sending an email containing a spreadsheet or a donor’s information to your personal email address for easy access whenever you need it might seem harmless, but there are a number of risks associated with this. It could lead to breaking privacy contracts, breaching data protection regulations, or losing proprietary information. Unencrypted documents or email attachments are able to be intercepted by hackers, and potentially expose your entire donor database and all its data.
Using public wifi or a personal device as a hotspot
While we tend to use the phrase “work from home” broadly, a more accurate term would be “working remotely”. You could be checking emails while in a coffee shop or catching up on work while on the train home. In either case, you will likely have access to a source of public wifi. If not, you might opt to use a personal hotspot from your phone for internet access. However, both options present clear dangers to data security.
From a security perspective, any device used to connect to your network could be a risk. Why? Because there’s no way for a company to effectively manage the software and security of devices they do not own. If a phone is being used as a hotspot and has already been compromised by an attacker, or if a bad actor is connected to the same public wifi, it’s possible it could be used to pivot to the company network, placing the entire donor database and all their private data at risk.
Unorganized cloud storage
While it’s fair to say that the transition from office-to-remote would be impossible without the cloud, there are still some security concerns that must be addressed in order to lock down your sensitive information. It’s still necessary to put in the work to ensure that your data is stored in the correct places and is appropriately secured, just as you would with a local storage solution. However, the most likely security compromise with cloud storage is user-based. Since files stored in the cloud can technically be accessed by anyone, it is crucial that only those who need access are given access to limit the chances of that data being exposed to any malicious actors.
Conferencing and collaboration tools
Working remotely means an increased reliance on conferencing, chat, and other collaboration applications to stay in touch with colleagues. These applications come with security considerations. But human behaviors often thwart the best intentions of these security measures. For example, a screenshot of an online meeting may reveal information that would be useful to an attacker; such as a Zoom meeting ID that allows anyone to join that meeting without a PIN. Additionally, we’ve seen hackers design attacks that specifically target communications apps and platforms as we’ve moved to these tools en masse.
Not protecting our devices
Working on devices outside of the office, even in a home environment, carries additional risks. There is always the potential for an attacker to get physical access to a device. How many times have you left your device in plain sight? Near a window or at a restaurant table? Your first concern may be the personal information on your device, but fewer people consider that the device also authenticates access to your organization’s data.
What steps can you take to prevent security breaches at your organization? Take our FREE 15-minute assessment and receive your own Data Security Health Score and find out how secure your organization’s data is.