Distributed work (also known as remote work) is the future. It always has been. Although the coronavirus pandemic has forced many of us to adopt telecommuting sooner than we would have liked, it’s a transformation that was always going to happen, one way or another.
It’s also a transformation that isn’t without risks.
Given how many employees are now consistently working from home and how many will likely continue to do so even after the pandemic ends, the traditional “walled fortress” approach to cybersecurity is no longer sufficient. Files containing sensitive and critical data are now being shared and accessed freely from outside the firewall.
And they should be. If you attempt to address this widespread collaboration via more draconian access restrictions, you’re only going to damage employee productivity. Instead, you need to adopt a decentralized security framework, one which focuses on protecting assets wherever they wind up.
Here are a few tips to get you started in that regard.
Automate Provisioning And De-Provisioning
Automated user provisioning is an easy way to save time while still maintaining general file security. Rather than having to manually set up access and audit individual accounts or user groups, automated provisioning allows you to quickly extend the necessary permissions to someone based on a set of preconfigured profiles or conditions. Automated de-provisioning, meanwhile, allows you to quickly rescind permissions from people who no longer require them.
This might be a client who’s chosen to work with a competitor, for instance, or someone who has since left your organization. By automatically removing access and accounts, you significantly reduce the risk of a data breach.
Regularly Audit Accounts, Activity Logs, And Access Permissions
Your cloud stack can be configured to only allow specified repositories or cloud products to contain sensitive information. By arranging vulnerable data into silos, this allows you to more efficiently manage the scope of access. You’ll want to look into a collaboration tool that allows granular access controls, file permissions, and user group management. Provided you’ve deployed such software, the process for access configuration should be relatively straightforward.
Admittedly, however, it can be easy to lose track of clearance levels for each individual user. For that reason, it’s imperative that you periodically audit the list of individuals with file access permissions and remove authorization from anyone who no longer requires it. I’d strongly recommend doing this even if you’re using a tool with timed file access, as there is always the possibility of operator error.
This extends to your activity logs, as well. Not only can you troubleshoot performance issues, regularly reviewing access requests and file activity can help you detect and trace potential leaks or breaches before they become a significant problem. Knowing what’s being accessed and by whom is critical if you are to keep your assets secure.
Finally, I’d advise speaking to representatives from each department within your organization so you can gain a better understanding of what assets they require and how they use them. Someone working in sales, for instance, likely doesn’t need editing permissions for a pitch deck, but someone working in marketing does. This understanding will not only allow you to configure your platform to better meet employee needs, but also provide a clearer picture of potential threats and risks.
Configure Login Requirements And Educate Staff
You do not hold sole responsibility for protecting your business’s information. It’s a responsibility shared by everyone. That’s why it’s critical that you frequently educate your team and communicate to them both processes and policies along with their rationale. As a starting point, all content, including private customer information, should be treated as restricted data.
It’s advisable to incorporate password policies, including expiration dates and strength requirements. Employees should be trained to use strong, unique passwords, and ideally provided with a password manager for critical accounts. I’d also recommend enabling two-step verification wherever authentication is required.
Use A Single-Sign-On (SSO) System
SSO is an excellent option for managing account access. It creates a consistent login experience for your users, ensuring they don’t need to remember a range of different credentials. They need only log in once to gain access to all the necessary assets and resources, including your content collaboration system.
In this way, SSO automates much of the security setup that you’d otherwise have to manually manage, providing lateral access between cloud users and cloud tools. This enables more centralized management of passwords and authentication, just-in-time provisioning, and automatic lockout. It can also help reduce the security risks posed by high login numbers and cloud applications in daily operations.
Currently, security leaders do well enough when it comes to protecting stored material and in-transit data. However, particularly in an era of distributed work, they need to do more. They need to protect data once it leaves the firewall, controlling both access and editing permissions for critical documents.
Without this file-centric approach to security, your distributed workplace will, for all intents and purposes, not be fully secure.