Work From Home

Technology trends already had security professionals working on how to build defenses for an environment that was no longer inside a perimeter wall. The necessity of WFH has brought more attention to this need. Other consequences of WFH include:

  • Unfortunate things happened in the haze of the initial move to WFH (e.g., plugging in unpatched appliances, fewer eyes on glass monitoring).
  • Highlighted security gaps for mobile device management (MDM) (e.g., organizations had former employees with data stored on devices used as part of a BYOD program).
  • Taking eyes off the ball – financial impact, personnel availability, new priorities, and other issues resulted in organizations making tough choices about what could be completed from their security road maps.
  • Things were not noticed – while organizations were closed or while people were not working on-site, security events were not noticed as quickly.
  • Extended timeline for forensic investigations – there were numerous practical challenges, ranging from getting physical access to make an image of a device to installing an EDR tool on devices that were offline.
  • False unemployment claims – starting in spring 2020 and continuing throughout the year, many organizations identified fraudulent unemployment claims for current employees (sometimes a few and sometimes hundreds, often including executives).
  • Ransomware impact – the combination of the WFH distraction from security and the practical challenges of investigating an incident and restoring systems led to threat actors receiving payments, which led to a surge in ransomware events and higher ransom demands in the summer and fall of 2020.

Information Governance

Take Action

Avoid organizational information governance practices that don’t work in the “real world.” Real-world problems include:

  • Storing sensitive information longer than necessary and in locations not protected or managed by IT security (including external devices, file shares, and cloud services) – increasing the attack surface and creating opportunities for access to information that should not exist in the first place.
  • Inability to monitor and detect accidental exposure or theft by insiders of sensitive data.
  • Confounding employee use of information – necessary diagrams go missing, or multiple versions of the same document lead to confusion and inefficiency (or worse!).
  • Presenting inconsistent or nonexistent reportable practices during internal or third-party audits.
  • Multiplying costs during eDiscovery responses to litigation and regulatory investigation.

Consider taking discrete steps that offer outsize effects:

  • Execute a brief, focused information governance policy (e.g., “Manage Information Responsibly”).
  • Confirm a records retention schedule with defensible practices.
  • Automate the application of the records retention schedule against file locations according to information type and retention period.
  • Responsibly delete; move to storage; delete; concatenate and remediate; and delete again.
