5 Tips for protecting your data when hybrid working

Although hybrid working creates opportunities and benefits for employees and employers alike, the model also raises questions about data security.

Constantly carrying sensitive data between home and the office can place companies at risk because of persistent issues such as insecure personal networks and human error. Here are 5 tips for improving security hygiene while hybrid working to minimise the risk of a data breach.
 

1. Keep a safe back up of sensitive information.

All important files should be regularly and securely backed up. Backing up valuable data onto a PIN-authenticated, encrypted USB flash drive or HDD/SSD can save businesses the trouble of losing access to important information during a ransomware attack. It is also important that all staff, especially those working remotely, have a secure Wi-Fi connection and check that all security software is up to date, to avoid such an attack occurring in the first place.

Using an encrypted drive for backing up data is essential. For the best protection, the selected drive should preferably have an on-device crypto-chip offering the ultimate standard of encryption, known as AES-XTS 256-bit hardware encryption. As a result, if the encrypted device, such as a USB flash drive or hard disk drive, is lost or stolen, the loss will not result in a data breach exposing client or company data.

The encrypted USB flash drive or HDD/SSD should additionally include an extra layer of security, such as Common Criteria EAL 5+ (Hardware Certified) hardware, which employs built-in physical protection mechanisms designed to thwart an array of cyber-attacks, such as side-channel attacks.

2. Transport files securely.

Securely carry work home with you using a PIN-protected, encrypted USB flash drive or HDD/SSD. In the worst-case scenario of the drive getting lost or stolen when employees transport files or work out of the office, an encrypted drive as described above will allow organisations to avoid the risk of their data being accessed or viewed.

Moreover, if the drive is only accessible by entering a unique 7-15-digit PIN, unauthorised access to the data stored on it is prevented. Another feature worth considering is brute force limitation: if the PIN is entered incorrectly a designated number of times, all data previously stored on the drive is deleted and the drive is reset.

When power to the USB port is turned off, when the drive is unplugged from the host device, or after a predetermined period of inactivity, the drive should automatically lock to prevent unauthorised access. Using a drive that can also be configured as read-only (write-protected) will ensure the data is not illegally modified.

3. Encrypt data stored in the cloud.

The cloud is often the preferred option for hybrid working. However, cloud security is a common major concern, meaning most businesses will hesitate to store any highly confidential information in the cloud. Is there a way around this issue?

To ensure data privacy when faced with common threats, such as DDoS and malware attacks, data must be encrypted in transit and at rest. Data encryption renders stored and transmitted data unreadable and unusable in the event of theft or inadvertent data leakage.

Encryption cannot be dependent on the cloud service provider (CSP). With server-side encryption, the encryption key is stored in the cloud and is thus accessible to hackers and cloud staff. It is therefore best for organisations to encrypt data stored in the public cloud themselves. The user needs full and secure control of the encryption key to ensure the data is kept confidential even if the cloud account is hacked. Having your own key management system will not only give you more control of encryption keys but is also more convenient for those using a multi-cloud solution.

An ideal solution for controlling the encryption key is to quite literally remove it from the cloud and physically store the encrypted encryption key within a PIN-authenticated USB module. The module will not store any data. Rather, it will act as a key to encrypt data and to access any data in the cloud. It can thus be used to securely encrypt confidential information stored on a local computer or network drive, sent via email or sent using a file sharing service.
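The client-side approach described above, as an added Go example that is not iStorage's code: data is encrypted before upload with a key that is generated and kept locally, so the provider only ever holds ciphertext. The names `NewKey`, `Seal` and `Open` and the file names are illustrative assumptions; where the key is kept (for instance a PIN-authenticated module) is outside the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewKey makes a 256-bit data key on the client; it is never uploaded.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}
func aead(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}
// Seal encrypts locally with AES-256-GCM and returns nonce||ciphertext||tag,
// all the provider stores. The object name is bound as associated data.
func Seal(key []byte, name string, plaintext []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open authenticates and decrypts a blob fetched back from the provider.
func Open(key []byte, name string, blob []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated blob")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(name))
}

func main() {
	key, _ := NewKey()
	blob, _ := Seal(key, "q3.xlsx", []byte("constructed sample data"))
	fmt.Println(Open(key, "renamed.xlsx", blob)) // wrong object name: must fail
}
```

Because GCM is authenticated, a blob that is modified in the cloud, stored under a different name, or opened with a different key is rejected rather than decrypted to garbage.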

4. Ensure authorised access to data.

Using specific software, such as iStorage KeyWriter, all critical security parameters, including the randomly generated encryption key and all PINs, can be copied from the primary encryption module to as many secondary encryption modules as required. Only those with a copy of the encryption key will be able to decrypt the shared data. This allows for secure and instant collaboration in the cloud between authorised users, regardless of location.

Businesses need a clear procedure that all staff follow to uphold adherence to data protection regulations, even more so with the rise of remote workers. Multifactor authentication is a highly recommended best practice for data protection compliance. If a hacker obtains the cloud user’s credentials, the breach will go unnoticed by the CSP, as it won’t be able to distinguish a legitimate user from an attacker. On the other hand, the encryption module increases security measures to an unprecedented five-factor authentication, as the encryption key is kept away from the cloud.

5. Manage access to data remotely.

Handing authorised staff an encryption module will contribute to reducing the risk of data loss due to human error. Still, this does not entirely eliminate the possibility of such an occurrence. For example, an individual may lose the encryption module or be dismissed and keep the device. This is where central management is needed.

Those responsible for cloud and data security in the organisation should be able to monitor file activity, set geo-fencing and time-fencing restrictions, encrypt file names and disable users’ access to the data remotely. This will go a long way in eliminating security risks in the cloud and help managers have full visibility and administration of sensitive data and user access.

These measures will contribute to maintaining business continuity, upholding compliance to data protection regulations and eliminating any complexity of remote working.



----

Source: iStorage
