Data protection and security in the digital workplace

eXo Platform Blog

Data protection and privacy have long been among the major challenges facing organizations and governments alike.

With technology becoming an essential part of the daily and working lives of many – with dedicated cloud-based solutions for virtually any business need, such as messaging apps and digital workplace solutions – the task of securing sensitive and personal data has become even more challenging.

Long before the Covid-19 pandemic even began, employees favoured flexible working arrangements and tended to work from remote locations where possible (at least partially). These practices, of course, rendered traditional security methods and frameworks outdated. Security requirements have evolved and now need to embrace a broader range of factors, not only limited to the office infrastructure, in order to counter the threats of phenomena such as shadow IT, and also support modern working policies such as BYOD (Bring Your Own Device) among others.

Additionally, we have seen the implementation of many initiatives and regulations aimed at protecting personal data and increasing transparency and trust, such as the General Data Protection Regulation (GDPR) in the European Union and many other privacy laws in countless countries. Add to that the multitude of international information security standards and programmes such as ISO/IEC 27001 and FedRAMP, to name just a few, and businesses find themselves under increased pressure to comply in order to protect their data, remain competitive and, of course, avoid hefty penalties in cases of security breaches and non-compliance.

In this blog post, we will examine the impact of Covid-19 on digital workplace information security and data protection and walk through a couple of proven best practices and techniques for a modern digital workplace security approach.

Covid-19: A catalyst for change?

It goes without saying that the Covid-19 pandemic has had an enormous impact on everyone in the last year or so. Both businesses and employees found themselves in an unprecedented crisis that forced them to quickly change and adapt the way they go about their daily operations. Communication apps, collaborative suites and digital workplace solutions witnessed a sharp increase in demand as remote working rapidly became the way to go in order to comply with strict lockdowns in the early months of the pandemic and even today.

Although the solutions available allowed for a quick transition from the office to employees’ homes (at least in terms of productivity), the major concern for IT professionals has been balancing productivity and security. This leads us to two important questions:

(1) How can we guarantee the security of such a transition?

(2) Would the existing security frameworks and policies be adequate enough to cope with the current changes?

To examine both questions, we would have to first understand the different challenges related to working remotely and specifically what causes them.

A study conducted by CyberArk examined the state of security in the current remote landscape. The results mainly revolved around the role of employee habits and the tools they use in relation to overall system security. For example, 67 per cent of the surveyed respondents stated that they often overlook security policies to save time and be more productive. Such bad habits include sending documents to personal email accounts, sharing passwords and installing applications without the approval of the IT department.

Additionally, the same study also found that 69 per cent of employees use corporate devices for personal use, with a further 57 per cent allowing even their family members to do the same, which obviously can add to security vulnerabilities.

With these figures in mind, we can assume that employees have an important role to play in keeping their overall systems and digital workplace solutions safe. Bad habits and actions at the individual level (with no malicious intent in most cases) can have severe consequences on entire systems. For example, ever since the start of the pandemic, there has been a rise in the number of phishing emails and scams. According to one Barracuda Networks study of 1000 decision makers located throughout the US, UK, France and Germany, 51 per cent of organizations indicated that they have witnessed an increase in the number of phishing attacks since transitioning to full remote working, mainly owing to the sudden and rapid transition from the office.

 

Yet, what is more worrying is that the same organizations stated that 51 per cent of their employees aren’t properly trained to deal with threats related to remote working, with a further 46 per cent not confident that their web-based applications are even secure. The last statistic, though, is a bit different from the above CyberArk results, which, on the contrary, found that 94 per cent of organizations are confident that their current IT infrastructure can handle the transition.

Confident or not, organizations – regardless of their size or industry – rushed into the transition, which obviously led to the aforementioned challenges and widened the attack surface for hackers to infiltrate entire systems.

But are the existing security procedures adequate enough to guarantee a safe and secure remote working experience?

Well, the short answer is no. Traditional security procedures that only cover local perimeters, and rely on basic password authentication, permission management and access control, are not enough to handle the new wave of (often unauthorized) cloud applications on top of the authorized ones used by employees at home. This is why, to secure and protect sensitive data within the digital workplace and beyond, businesses need to evolve their security policies and infrastructure to meet this new reality.

Best practices for digital workplace security and data protection

In this section, we will walk through some proven techniques that can help optimize the response to such attacks and secure digital workplaces overall.

  • Perform a gap analysis

The quick transition to remote working will inevitably lead to many technological gaps, especially since many businesses weren’t necessarily ready for such sudden changes. If employees don’t have what they need to perform their jobs effectively, then they will turn to third-party apps and even their personal messaging apps and emails, thereby putting everybody’s data at risk.

A gap analysis is what’s needed to understand these gaps and take action accordingly. More often than not, IT teams start by examining their current system’s infrastructure and then assess their employees’ needs and determine which procedures and tools are required to fill the gaps.

  • Raise awareness on new data attacks

Following the pandemic, hackers have become more innovative in finding new ways to infiltrate information systems using a variety of new methods. According to one Cynet report that analyzed cyberattacks during the Covid-19 pandemic, 35 per cent of detected cyberattacks employed new methods compared to 20 per cent prior to the pandemic. This – coupled with untrained employees, outdated systems and security procedures – can have significant repercussions on entire organizations. This is why it’s important to ensure employees remain aware of the known and the latest types of attacks and how to avoid and report them. Such attacks usually appear as phishing emails with weaponized documents, links to suspicious sites, and so on. Additionally, in an attempt to familiarize employees with such attacks, businesses intensified practical testing by sending out suspicious emails in order to identify weak links and figure out how their teams respond in real-life situations.

  • Introduce a zero trust security model

In its simplest form, a zero-trust security model or approach revolves around the idea that businesses should under no circumstances trust any of the software and hardware operating within their perimeters. This means that IT teams should continuously monitor connections going in and out of their systems before granting any permissions.

A zero-trust architecture (ZTA) requires technologies and procedures designed to shift the focus from enforcing only local perimeters to enforcing perimeters based on the usage behaviour, location and devices used. Additionally, the process of micro-segmentation is also required within a ZTA as a preventive measure. This allows businesses to set up security at an application level, meaning that if a specific app gets infiltrated, it can be isolated from the rest of the system, thus preventing further damage.

  • Establish a data loss prevention (DLP) strategy

Data loss prevention (DLP) has been a topic of increased interest for CIOs over the years. With remote working taking the center stage nowadays, preventing data from being lost has become even more critical since employees use a multitude of apps and devices to get things done. This has ultimately led to data being lost in endless email threads and unauthorized devices, which eventually poses a threat to the systems in place and to employee and customer data.

To cope with these challenges, businesses need to establish a DLP strategy that mainly comprises a combination of policies and technologies. The first step is to determine which data is critical, the level of protection, who can access the data and, of course, the perimeters to monitor. For example, prior to the pandemic, the perimeters were more or less restricted to the office, making it easy to determine the devices to keep an eye on. Today, with BYOD and the threat of shadow IT, the perimeters have become even wider and traditional techniques such as configuring and restricting certain workstations have become obsolete. Instead, some new DLP systems use both software (at the app and operating system levels) and hardware techniques to limit the amount of data loss and leaks within the digital workplace. Such techniques include data encryption, copy & paste restrictions, hardware-based encryption, OS baselining and the elimination of unwanted devices through remote wiping.

  • Deploy multiple authentication methods

Within a remote working environment, the risk associated with simple and outdated authentication methods is significant. Employees tend to forget their passwords or apply the same credentials to more or less any apps they use. To cope with this, IT teams often try to educate employees on how to protect their passwords (for example, by not using the same password for work and non-work-related apps and platforms). Additionally, many have leaned towards multi-factor methods such as SAML2, Google, Microsoft5 and OpenID. Last but not least, recently we have witnessed an increased interest in removing passwords altogether and introducing new security means, including biometric scanners and tokens.

The digital workplace, among other business applications, has enabled businesses to quickly and effectively respond to the ongoing Covid-19 pandemic. However, with work moving from the office to employees’ homes over such a brief period, there is an urgent need for security techniques and procedures to be in sync with the current situation in order to provide a complete and, more importantly, secure remote working experience.

 

 

What is a digital workplace?

A digital workplace is a next generation of intranet solutions or intranet 2.0 that is based on three pillars: communication, collaboration and information. In a way this definition is true but it doesn’t cover the whole spectrum of the term.
Here are some definitions of digital workplace:

  • An evolution of the intranet
  • A user centric digital experience


How to launch an effective Digital Workplace?
  1. Understand users’ needs
  2. Identify your digital workplace ambassadors
  3. Build the digital workplace brand
  4. Training and onboarding
  5. Plan the big day


Why is digital workplace security important?

When first deploying a digital workplace, businesses often look to integrate it with legacy systems and third-party applications. This results from the growing willingness of employees to use their own devices and apps at work.

According to an Intel study, 61% of Gen Y employees and 50% of employees over the age of 30 believe that the technology tools they use in their everyday lives are more effective than those provided by their employers’ IT departments. To counter the phenomenon known as “shadow IT” and to ensure the security of personal information and sensitive data, IT teams have progressively leaned towards holistic digital workplace solutions that can group a host of features and that are easily integrated and securely accessible through two-factor authentication and single sign-on.


How do you secure your Digital Workplace?

Here are some best practices to minimise security threats in digital workplaces:

  1. Develop a cybersecurity policy
  2. Continuous training
  3. Control access to information
  4. Be sure to update regularly


What are the causes of low digital workplace adoption?

Here are some of the reasons why employees adopt a digital workplace slowly, or refuse to use it altogether:

  1. Failure to study and understand the organisation’s needs and its teams’ needs
  2. Limited to zero information within your intranet
  3. Not mobile friendly
  4. Your employees are not provided with good training


How to be a good digital workplace manager?
  • Analytical skills and approach
  • Focus on employees
  • Communication and strategic vision

Product Marketing Specialist

I am a product marketing specialist at eXo. My role is to assist marketing and sales teams in their operations and present our digital workplace solution to the world. I mainly blog about the latest tech trends, digital transformation, internal communication and how to navigate through eXo Platform.
