Co-Founder and CEO of LumApps, leading digital workplace communications solution for the enterprise.
With all the focus on digital workplaces and remote workers in today’s business world, maintaining secure systems is key to running your operations successfully. Recent legislation has enacted new rules and expectations for businesses, and you need to stay informed on them to keep up with the times. Here’s an overview of how to achieve a secure digital workplace under any circumstances and on a global basis.
The current state of digital workplace security
The security needs of the current digital workplace are changing. Traditional security methods that rely on established perimeters, password authentication and manual permission management are now obsolete. Employees are working remotely more than ever, utilizing third-party mobile applications and their own devices such as smartphones and tablets to perform essential work functions. Perimeter-based security systems are insufficient in such an environment. This new business reality, in combination with recent legislation such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA) mean that your digital workplace security solutions must evolve.
What are the GDPR and CCPA?
These two landmark pieces of legislation spell out consumers’ rights regarding how their data can be collected, used and stored. While there are some differences between the two, many of the general principles are the same. These include:
• Increased transparency: Businesses need to be more open about known security breaches, what data is being collected, whether data is sold to third parties and more.
• Right to be forgotten: Companies have to delete users’ personal information upon their request.
• Stiffer penalties for noncompliance: Many of the guidelines in these pieces of legislation aren’t new, but now companies that are noncompliant face harsher penalties (up to 40 million euros for the GDPR and up to $750 per affected user under the CPPA).
How do they apply to data security procedures?
Businesses that collect personal data are now expected to offer protection against malicious and illegal activity, prosecute bad actors and inform the public about data breaches within 72 hours. This adds new layers of responsibility, as any security breach event must be detected and acted upon quickly. Protecting sensitive data is more important than ever if a company wants to remain compliant and protect its public image.
Important capabilities new security software will need
The changing data security landscape demands that companies use security software with these features:
• Authentication without passwords: Passwords are notoriously hackable and easily forgotten. This results in poor security, increased employee frustration and lower productivity. Modern alternatives to passwords include tokens, biometric scanners and multifactor authentication systems that combine several methods.
• Redundant data loss prevention: With the increase in remote work and the many different hardware devices that access company information, it’s impossible to prevent data loss completely. That’s why it’s important to have redundant systems in place for as many layers of security as possible. For instance, features such as email attachment encryption, copy/paste restrictions and the ability to wipe lost or compromised devices remotely need to be implemented concurrently.
• Protected applications: This is the age of mobile technology. As many as 42% of workers use business-related mobile applications daily, and that number is expected to increase. Conversely, 83% of CIOs think mobile security threats are a major problem. Combat this danger by using a zero trust security approach that seeks to verify all aspects of a connection — including the device, applications on the device, users and networks — before allowing access.
• Microsegmented networks: Microsegmentation implements security protocols for individual workloads within a network. This means each virtual machine can be protected down to the application level. This approach allows companies to quarantine malicious agents once they’ve penetrated a network’s perimeter defenses and prevents more widespread infiltration.
• Robust analytics: A good security system must integrate comprehensive analytics packages. A proper tool set can analyze vast amounts of usage data and correlate patterns to diagnose troublesome areas. It can also identify weak spots and provide insights that result in more informed security decisions. Your entire security philosophy can adjust to current trends rather than remaining static. This makes the organization as a whole more dynamic and less vulnerable to unknown threats.
A digital workplace is a powerful tool that can accelerate productivity and improve the employee experience. It can enable your workforce to easily access applications, endpoints, data and networks from anywhere in order to achieve their business objectives. But it’s precisely this level of access that requires robust security to ensure all business data is kept safe within company walls.