Do I Need to encrypt data for remote workers? Many companies are faced with a dilemma: How do we keep our data secure while maintaining convenient access for home-based or remote workers?
Home-based working was on the rise before the pandemic, but the enforced lockdowns around the world made it a sudden requirement for the majority of formerly office-based staff to work entirely from home. Whilst it’s fairly straightforward to issue staff with a laptop, mobile phone and peripherals, enforcing security policies is not so simple.
In the UK, many businesses are adopting a ‘hybrid’ approach to home-working, where staff work both from home and their regular office. This means that more people are carrying laptops and other work-issued equipment between their different workplaces.
Office staff are familiar with accessing their digital work environment from a physical office and all of the support that comes along with that. Most office networks are configured to be secure, using Firewalls, Spam Filters and access restrictions to prevent malware and other nasties from entering the network. Most home broadband networks will not be configured in the same way, which increases the risk of data loss.
Another risk factor to consider the risk of a work-issued device getting lost or stolen, and the consequences of data getting into the wrong hands.
A somewhat obvious way to combat this risk is to encrypt data, both at rest and in-transit. When data is encrypted, it requires a strong password to decrypt and display the files to the user. Without the correct password, the data will be a scrambled mess of letters, numbers and punctuation, rendering it completely unreadable to anyone else.
In the case of an encrypted device getting lost or stolen, the data on that device is essentially useless. Beyond the material loss, the owner still has peace of mind in this situation that their data won’t be misused.
Encrypting every drive, phone, USB stick and SD card may sound like an easy solution, but in practice, encrypted devices must be used correctly by the end user.
How Data is Encrypted
Windows users can enable BitLocker, which encrypts the entire drive and requires a password when the device boots up. This is different to the windows user account password, as the standard Windows Logon does not encrypt or decrypt files.
Apple users can also encrypt individual files or their entire drive using the Disk Utility. You can also encrypt your Time Machine Backups too.
Both iPhone and Android devices can be encrypted, meaning they require a password when booting up which is in addition to any PIN or Biometric unlock codes.
Is Device-Level Encryption Enough?
Not necessarily. Encrypting an entire device sounds like the most secure way to store files when the device is in transit. However, the device is only encrypted while it is powered off. When it is powered on by the user with the correct password, it’s highly likely this device will be in standby mode and therefore no longer encrypted.
It’s vital that staff attend proper training so they understand how encryption works on their devices.
Are you Storing Confidential or Sensitive Information?
Encryption can help you meet legislative requirements around Data Protection. Customer data is extremely valuable, and you risk a large fine if you’re negligent with how you handle their data.
Individuals can suffer a lot of harm from having their data stolen, including harassment, blackmail, fraud, identity theft, damage to friendships and relationships and even physical violence. This is why legislation exists to protect the public – it puts the onus on businesses to take extra precautions.
Encrypting all personal and sensitive customer data, as well as robust and regular training for staff is vital to modern data security.
Read more: What are the Digital Risks to your Business?
Are Encrypted USB Sticks sufficient?
Yes and no. Encrypted USB sticks can be given to staff or contractors to work on specific files across multiple computers. In cases where members of staff use their own equipment, it can offer be safer to store files on an external drive, rather than the device itself.
However, there are some things to consider with encrypted USB sticks:
- They’re more expensive than regular USB sticks, they’re also small and easy to lose so replacing them can also be costly
- Staff have the ability to copy decrypted files from the USB stick to their laptop quite easily. At best, they do this for the sake of convenience, but there’s a huge risk for an unscrupulous individual to copy data with malicious intent
- USB sticks are generally inconvenient. You end up with multiple copies of the same file stored offline across multiple devices. Version control and central management of these files is incredibly difficult
Can Encrypted Data be Recovered if the device is damaged?
Yes, encrypted data can be recovered in the same way as non-encrypted data. When the data is recovered, it will still be encrypted and requires the original password to view.
Our experienced data recovery technicians are able to recover data from encrypted drives, USB sticks and devices, yet we can only view the data in its encrypted format.
Read more: What are the main causes of Data Loss?
Data Security and Remote Workers
So, should you encrypt data for remote workers? There are many more factors to consider when considering encryption and data security for remote workers:
- Strong passwords – passwords play a large role in data security, but password policies need to be strong as weak passwords are no better than having no password at all!
- Multi-factor Authentication – Passwords alone can be cracked, but multi-factor authentication via an App adds another layer of security
- Staff training – policies are only effective if staff fully understand them, so regular training is vital for all users who handle digital data
- Remote device management – this doesn’t necessarily mean spying on staff when they’re working from home! This means monitoring the status and health of the device to ensure it’s running efficiently with the latest software updates and security features enabled.