Ari Baranoff | Managing Partner & Founder at BlueCoat – Corporate Investigative Solutions
Before COVID-19, approximately 4.7 million employees in the U.S. worked remotely. Today that figure is millions higher, as businesses have adapted to the notion of working from home. A colleague of mine, Dr. Rodrigo Nieto Gomez, Research Professor at the Naval Postgraduate School, recently opined that “Many companies are discovering the advantages of remote work and may never come to a fully collocated structure once the worst is over.”
While having remote staff has its advantages, there are a number of increased risks to be cognizant of, such as data and intellectual property loss. So how should businesses deal with insider risk concerns when an employee works from home?
Policy Considerations
(1) Have a procedure in place that provides for quick response to and triage of data loss events. This includes freezing the employee’s access, entitlements and privileges at the point of discovery.
(2) Locking down ports on company-issued devices is essential. For staff who fall under an exception, company directives and onboarding agreements should stipulate that personal cloud storage and portable hard drives may not be used to hold proprietary material, along with other policies relevant to working from home.
(3) In an incident where proprietary data migrates to a personal storage device, have a strategy in place to deal with the negotiation, retrieval and consent to conduct a forensic analysis of the device, or to witness (via video conference) the “deletion” of the material. Ask the employee to sign an “undertaking” as to the deletion of company records in his/her possession prior to final payout. This supports civil and criminal penalties in the event that a subsequent intentional disclosure or misuse of proprietary material is discovered.
(4) Note the possibility that a forensic analysis may disclose evidence of another company’s proprietary information or other forms of misconduct that may need to be disclosed to law enforcement.
(5) Remote-wipe capability for company computers should exist in case you are unable to retrieve issued machines.
The Fundamentals
There is no one-size-fits-all response to every internal wrongdoing scenario. Foundationally, it is important to have the right contingency plan, procedures and guidelines in place that now account for the home office and the likelihood that some sort of insider abuse event will occur. Guidelines should include appropriate cyber hygiene and record-keeping protocols for the home environment, as well as how to manage internal wrongdoing allegations.
Further, it is paramount that “reasonable measures” are in place to protect your data prior to a loss event. Keep in mind that a lack of controls may be viewed as an assumption of risk. Finally, “hot wash” past events to refine policies and learn to pivot from earlier experiences; history is often our best predictor of future occurrences.
At BlueCoat, we think about insider risk in every corner of your operation. Trust us as your expert resource for employee wrongdoing concerns and for developing workforce risk programs. Stay focused on your business and mission, and let us handle the distractions.