A Remote Worker’s Data Audit
Posted on 28 January 2021 by Beaming SupportWith more employees working from home, the use of unauthorised IT equipment and software is a security issue that business leaders are starting to take notice of. Use our data audit sheet to identify “rogue” data that may be stored on employees’ personal data.
What is shadow IT?
IT hardware or software used by employees without the knowledge of the business IT team is sometimes called shadow IT, and it’s on the rise. This may be down to an “out of sight, out of mind” attitude to the IT department as staff work from home, or to team members “going rogue” rather than waiting for a response from an IT team which is trying to keep up with the individual needs of a decentralized workforce.
When it comes to remote working, there are two main concerns arising from the use of shadow IT:
- Unauthorised applications may be used on company devices, potentially providing a route into your network or access to company data.
- Company data could be stored on a device or (cloud) platform outside of your company network and therefore outside of your control.
How do we keep data safe?
The first concern can be addressed by setting up company devices so that applications cannot be installed without an admin password, but with employees using their own devices, controlling how company data is managed can be more difficult.
Use of a VPN and remote desktop should help to keep company data on your network, but it’s possible that employees trying to make their own lives – and the IT team’s life – easier, may not be aware that data they save and access on their own devices could be vulnerable.
Share this data audit checklist with your employees to help them identify “rogue” data on personal devices.
| Data type | Can it be stored/accessed on personal device? | Detail |
| Personal HR information | ✓ | You can store data that relates only to you on your own device, but make sure you’re following the usual best practice advice ie strong passwords, keeping operating system up to date. |
| HR information pertaining to others | ✕ | This should not be available to anyone other than employees that need access (the HR dept, relevant line manager) and should not be saved to personal devices. |
| Marketing or product information that’s already been published | ✓ | If it’s already in the public domain, eg. as website copy, it can be saved on personal devices if necessary. |
| Product or service information that’s not yet publicly available | ✕ | Keep this under wraps by storing securely on your network with access allowed only to those that need it, via VPN/remote desktop. |
| Marketing contact lists | ✕ | Use your email service provider (MailChimp, Active Campaign) to access these via VPN/remote desktop and do not download to personal devices. |
| Sales prospect & lead information | ✕ | Allow access only via remote desktop or VPN. This data should not be downloaded to personal devices. |
| Emails | ✕ | No company emails should be saved to personal devices. Access them using your business’s cloud technology or email server. |
| Plain text passwords | ✕ | Don’t save plain text passwords anywhere, on any device. |
| Passwords saved to browser | ✕ | Use a company password manager accessed via VPN/remote desktop to secure passwords. |
| Customer billing information | ✕ | Should be subject to the same stringent security it would be when employees are working in the office. |
| Hard copies of data | ✕ | It’s obviously not possible to store these on a device, but apply the same principles you would in the office. Keep confidential data under lock and key and shred anything that needs to be disposed of. |
What if some data has already been stored to personal devices?
Remote working setups were deployed last year at very short notice and employees were in many cases “muddling through” in order to continue working to the best of their ability, so it should be made clear that they can flag up data stored inappropriately without fear of reprimand.
Have your IT team work with employees to ensure data is fully deleted from their personal devices and don’t forget to check that it hasn’t inadvertently been saved to cloud storage that’s out of the company’s control.
Need help keeping remote workers secure?
Beaming is an internet, telephone and IT support service provider that has helped businesses nationwide adapt to remote working and hybrid setups. Get in touch and one of our friendly tech experts will contact you within one business day to discuss the best solution for you.
