VPAT - GRAVYTY LOGO - MAIN LOGO
Ë
    By Drew Fox Jordan • December 21, 2021

    Prevent Data Loss While Working Remote, Hybrid, or In The Office

    Prevent Data Loss While Working Remote, Hybrid, or In The Office

    Working from home during the COVID-19 pandemic has redefined how we approach data security. From the physical space we do our work to the behaviors of remote employees, these unknowns make today's environment ripe for cybercriminals.

    While some organizations have operated virtually for months and even years before the outbreak of COVID-19, constantly changing rules about working from the office or home can be challenging to stay up-to-date on all data security policies. That means they've had to – very quickly – equip their teams with new devices and tools, update policies and procedures, and even security stacks. Of course, they're doing all of this while trying to maintain "business as usual" which means monitoring and preventing organization-wide data loss.


    Join 30,000+ fundraising professionals that receive our weekly Sunday newsletter with industry trends, tips, and analysis delivered right to your inbox


    Here are 5 things you can do to cover the bases in today's dynamic work environment:

    Prioritize email

    Even with collaboration tools like Slack, email is still king. It is the central nervous system of all business communication - and is impossible to avoid.

    Over 124 billion emails are sent and received every day, and employees spend 40% of their time on email. And, when you consider what's being sent back and forth in emails (spreadsheets, invoices, donor information, and other structured and unstructured data), it's no wonder IT and security leaders consider it the number one threat vector for data loss.

    Whether it's a disgruntled employee purposely exfiltrating data or a negligent employee who accidentally sends sensitive information to the wrong person, email is a leaky pipe. 

    Clearly communicate what constitutes "data loss"

    It's employees who have to take on the role of protecting a company's most important asset: data. But, unfortunately, many are blissfully unaware of what is considered a data loss incident.

    It's up to leadership – especially now as employees adjust to their ever-changing work environments – to communicate what data is sensitive and how employees must handle it. 

    While healthcare fundraisers may be well-versed in what data can and can't be stored and shared due to HIPAA regulations, fundraisers working in higher ed or at a nonprofit may not be.

    For example: if you don't tell employees that sending company data to their personal email accounts is considered unauthorized and could lead to a data breach, they'll never know they shouldn't do it. Likewise, many employees don't realize that sending an email to the wrong person could be classified as a data loss incident. 

    Don't blame employees, empower them

    As we've said, employees are the gatekeepers of an organization's most sensitive systems and data. But, many aren't familiar with security best practices or the implications of a breach. And, beyond that, many don't have the necessary tools to work securely. So, it's up to nonprofit leaders to empower them to do so.

    How? It comes down to training and technology.

    Give your employees the correct technologies to enable them to share data securely with colleagues and prospective donors. The moment we don't train them or give them a solution, an employee will find a workaround, and we risk causing a large-scale breach affecting the entire organization.

    Re-think security awareness training

    There are three fundamental problems with training:

    • It's boring
    • It's often irrelevant
    • It's expensive

    The bottom line is that it has to resonate for training to be effective. And, for it to resonate, employees have to understand the who, what, and why behind security policies and procedures.

    They recommend using different methods and mediums to communicate risks and preventative strategies and – perhaps most importantly – ensure you aren't overloading them. That means breaking complex subjects down into more manageable pieces and translating technical jargon and concepts into language that's easier to understand.

    Know the limitations of rule-based DLP solutions and invest in technology that proactively adapts

    DLP, or Data Loss Prevention, isn't just a challenge now that workforces split time between remote and in-person. It's been a consistent pain point for IT and security teams for a long time and for several reasons. One of the biggest problems around DLP is that rule-based solutions aren't adaptive. Not only are they admin-intensive to set up, but they're virtually impossible to maintain. 

    Machine learning security systems can act faster and stay on alert around the clock to ensure that your data remains safe even as new threats arise.

    UP NEXT: The 13 Cybersecurity Sins Of Working From Home

    The 13 Cybersecurity Sins Of Working From Home

     

    Posts by Topic

    see all