February 24th, 2021

RELATED WEBINAR

Improving Security In A Hybrid Working Model

Table of contents
See more contents

Businesses are developing workplace technology at rapid speeds to accommodate the increasingly digitized workplace. But with so many people working remotely, your data is at higher risk, making data security more important than ever.

Third-party vendors with access to your information may not be working with secure Internet connections in violation of your contracted agreements. It’s also harder to protect sensitive information on personal laptops and in homes or coffee shops where employees may be working on public Wi-Fi, despite your company policies.

Well over half of all organizations claim they’ve had IT security breaches that originated from third-party vendors, and this is only getting worse. As you evaluate new workplace technology, you'll need to work closely with your IT department to ensure it has the right security features.  

Regulations governing workplace technology

The Internet has connected the world so intricately that we can hire employees from — and provide services to — just about any country in the world, so make sure you’re in compliance with international regulations governing privacy and security.

If not, the penalty can cost you thousands of dollars.

General Data Protection Regulations (GDPR)

While you're probably well aware of the European Union’s security and data privacy laws, you may not have considered how they impact your workplace technology. If you are using applications that collect employee data (such as wearable devices), you will need to notify employees about what information you plan to collect, how you will use it, and how you will keep any personal information secure.  Even if you aren't doing business in the EU, this is essential for building a relationship based on mutual trust. 

Your IT team will also need to evaluate any third-party data processors, including cloud providers, and ensure they comply with GDPR. 

California Consumer Protection Act (CCPA)

Under the California Consumer Protection Act, businesses must disclose any personal information they collect and share. Consumers also have a right to ask that businesses delete their personal information or forbid them from selling it. 

While this likely won't impact employee applications, you may need to re-evaluate the type of information you collect from customers and ensure you are properly disclosing it. 

SOC compliance

SOC compliance shows your organization’s information security is high. SOC1 compliance is for companies that hold financial information and SOC2 is for all other companies (we’ll focus on SOC2 since this applies to the majority of companies).

If your company is a service organization, you’ll probably have to pass a SOC2 audit to be able to provide services to other companies. So what does SOC2 compliance cover?

5 principles of SOC2 compliance

  • Common criteria/security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy controls

Are your systems and information protected? Are they accessible and able to be used for operations? Is your company protecting confidential information? Is your company collecting, using, disclosing, and discarding personal information in a way that aligns with your company’s objectives?

It’s important that your third-party vendors follow these guidelines as well and not just your internal staff.

Choosing SOC2 compliant workplace technology is a proactive step your company can take to ensure you're protecting customer and employee data.

Security features for your company’s workplace technology

Access control management

Demanding proof that users are who they claim to be and have been authorized to access certain information is a must, regardless of the size of your company. 

A good general rule is to give employees and vendors access only to the data needed for their jobs.

2-factor authentication

In a cloud-based environment, identity is everything. Unfortunately, hackers have become more sophisticated, and mobile applications without proper protections have made organizations more vulnerable to breaches. 

Two-factor and multi-factor authentications are forms of access control that require additional information to enter the door of an account. After logging in to an account successfully, you may have to enter a code that is sent to your cell phone within a certain timeframe.

A mobile-centric zero trust approach

The concept of "zero trust" is based on the idea that organizations should always verify before granting access. A mobile "zero trust" approach takes password protection and two-factor authentication a step further by establishing a framework that includes: 

  • Ensuring every user has a device with the right apps and permissions
  • Verifying access, not only by verifying the user but also checking the network type 
  • Enforcing strict security policies
  • Protecting workplace technology from viruses, malware, and any other potential threats

Ensuring your workplace technology is up to date is just the first step to zero-trust security. Look for software and applications that deploy updates automatically, rather than relying on employees to continually make updates. 

You may also need to work with your IT team to update policies for network access. That includes ensuring all employees use secure Wi-Fi while working remotely. 

Data encryption at rest

The opposite of data in transit, data at rest is how it sounds. Rather than being transferred across networks or from a device to storage, data at rest is sitting still in storage.

Encrypted data is data locked in a virtual safe that requires a key for entry, so even if a hacker breaks into the vault, the goods will be useless to them without the decryption code.

We tend to focus on encryption efforts for data in motion: When we enter our social security number and hit send, will someone intercept it along the way? But protecting data at rest is just as important.

Cloud-based software

Cloud-based networks are easy to access and use for storage, making them great tools for teams that aren’t all in the same building.

Since you don’t have to have your own servers, cloud networks allow small operations to have large amounts of storage space that is easily scalable depending on current needs.

Your data is also more secure because servers won’t be damaged by natural disasters, fires, or someone physically tampering with them.

If using a cloud-based network, review the provider’s privacy policies and security measures. To keep your company’s data secure, make sure remote workers are using a portable Wi-Fi hotspot rather than public Wi-Fi.

Human factors to consider

Even if you’re a software company, you’re ultimately in the business of people on some level and your security is only as good as your human oversight.

Take a look at your vendor management policies. What platforms and data can your third-party vendors access? When you give them access to additional information or platforms, be sure to change the protocols accordingly.

Know who’s accessing confidential information through company laptops versus personal laptops, including third-party vendors and contract employees or freelancers.

Additionally, make sure employees outside of the IT department understand what constitutes high-risk behavior, such as weak passwords and sharing logins and passwords among multiple users. Don’t assume it’s “common sense.”

Create a safer workplace with workplace technology

Securing your company’s data, complying with changing regulations, and protecting the privacy of your customers may seem like merely scratching the surface of your concerns in a world that has become suddenly much more complex.

Whether you're an HR or an IT leader, you're also working to ensure a safe return to the office while maintaining high productivity among members of a hybrid workforce.

Teem's mobile return-to-office technology is cloud-based and secure. Our solutions for desk booking, room reservations and visitor management are easy to implement across your workforce with single sign-on and two-factor authentication.

We deploy all updates automatically, so you'll never need to worry about using an outdated version that could make you vulnerable to security breaches.

Learn more about how our workplace technology helps keep your employees and your data safe by requesting a free demo today.

Subscribe now

News, tips, and product updates.
Subscribe to Teem’s blog today.

SOME RELATED RESOURCES

How Flexible Workspaces Benefit Women at Work
Prior to the pandemic, women in the workforce faced a series of unique challenges stemming from rigid work schedules and a lack of flexibility. Though remote work during the pandemic has helped solve ...
Good Visitor Management Has A Bigger Impact Than You Think
You're reopening your doors and welcoming people back into the workplace. But it's not just employees that you have to plan for, you're bringing visitors back, too. Soon, a variety of clients, vendors...
Workplace Trends for 2021: Expert Insights and Predictions
During the pandemic, we were reminded of the importance of connection. In terms of work, that meant staying connected with colleagues, being able to connect to the systems and information needed, and ...