Coronavirus: Companies ‘sitting ducks for breaches’ without IT security for telework

Dive Brief:

  • Due to the novel coronavirus pandemic, companies may now require employees to work from home — but most employers may have rushed it without giving thought to how to secure their most sensitive data, according to the International Association of IT Asset Managers (IAITAM). “Companies and agencies without business continuity plans with a strong IT Asset Management component are going to be sitting ducks for breaches, hacking and data that is out there in the wild beyond the control of the company,” Barbara Rembiesa, president and CEO of IAITAM, said in a statement March 18.

  • For example, the U.S. Securities and Exchange Commission (SEC) asked employees at its headquarters in Washington, D.C. in an email the afternoon of March 9 to telework after learning an employee was referred for testing for the new coronavirus. The majority of staff began teleworking March 10, and the agency “has now transitioned to a full telework posture with limited exceptions,” SEC said on its website. An IAITAM report published in 2015 found 22% of SEC laptops had incorrect user information, the association said. “Under the circumstances cited in the IAITAM report, the SEC would have little confidence that it knows who is working remotely on which machines and under what circumstances,” IAITAM stated.
  • Companies and agencies should have a business continuity plan that includes IT asset management and making certain employees have IT assets that are accounted for and working properly, according to IAITAM. The association also noted employers should provide training for employees on managing company equipment and data and tighten up policies regarding use of personal devices for work, among other things.

Dive Insight:

As companies make the transition to a fully remote workforce to limit the spread of SARS-CoV-2, online security must be taken into consideration, including when using web browsers and Wi-Fi networks, experts said.

Kevin Beasley, CIO at VAI, recently told CIO Dive, HR Dive’s sister publication, that virtual private network (VPN) software will be required for remote workers accessing key business applications through a web browser. Additionally, informing employees of the dangers of using unsecured Wi-Fi methods should be a priority for companies, according to Ashish Sharma, president of IoT & Mobile Solutions at Inseego, a wireless, in-home and IoT communications company.

“Hundreds of thousands of employees are now working from home, and for many of them, these are uncharted waters,” Sharma told HR Dive in an emailed statement. “They need to understand that using an unsecured Wi-Fi network makes them vulnerable to hackers, and take precautions against unauthorized users.” Sharma said that Wi-Fi routers must be configured correctly in order to maximize security and protect sensitive data. “We encourage everyone to follow their corporate IT policies, including use of VPN networks, and check their settings to safeguard their connections,” he said.

It’s also important for companies to ensure newly remote employees understand how to use technologies to do their job and address any digital gaps. “[Companies] should be direct and honest in communication and create a safe space for all employees to ask questions and admit if they don’t know how to use a certain technology,” Wesley Connor, vice president of global learning and development for Randstad Enterprise Group, recently told HR Dive. “It’s all about establishing a culture that is conducive to learning.”
