The outbreak and prevalence of the COVID-19 globally from 2020 compels most companies to decongest their offices by encouraging some employees to work from home. As a result, companies have to allow employees working at home to access official files and company information by remotely connecting employee’s personal computers with the company’s computers. This paper will provide valid points demonstrating why companies need access controls to protect valuable data and data accessible by employees working from home. In addition, this paper also contains facts showing that the use of access controls by a company would frustrate employees working at home when they cannot access the information they need. Further, the paper will also explain why turning off access controls does not solve remote access to a company’s assets. Finally, the design will identify various threats to information security for employees working at home, which warrants a company to consider the use of access controls as an information security measure.
Access Controls as a Necessity in Corporate Assets Protection
Notably, applying access control measures on corporate data, information, and assets accessible by employees working from home via their personal computers can shield businesses from exposure to several risks. Free access to a company’s data and assets using technologically unsecured devices by employees working from home provides cybercriminals with seamless opportunities to steal critical business information, thus necessitating user access controls (Yuryna et al., 2017). Installation of access controls on employees’ devices working from home can minimize data theft or loss for employees accessing the company’s internal networks with devices connected to public WI-FI. Access controls are essential when companies do not want full access to their internal network to some employees working from home. Multifactor-authentication access controls help companies and employees secure information from the threats of intentional and unintentional computer malware attacks to both remote and the entire internal networks of a business. Using access controls on devices accessing corporate information outside the office will provide security to valuable business information in cases where third parties access or become new owners of an employee’s personal computer or smartphone.
How Access Controls Cause Employee Frustration
When a company uses access controls that do not configure with an employee’s device while working outside the office, employees become frustrated and less productive. Access controls may limit information sharing between peer employees or juniors and seniors, thereby frustrating an employee’s working process. Under conditions of limited access to the company’s network, employees become overworked as they try to seek expert answers online. Employees spend most of their working hours trying to call their colleagues for consultations. Access controls limiting effective working from home cause disappointments to employees, and it becomes difficult for them to meet their deadlines within official working hours (Akanni & Fatokun, 2018). Access controls that limit employees working outside the office from accessing valuable information in the required time may cause delays or work stoppages if employees cannot reach experts to provide them with expert knowledge.
It Is Not Acceptable To Turn Off Access Controls
Turning off access controls does not guarantee any security to access remote access of a company’s network resources from people outside the office. Instead of turning off access controls, a company can ensure the protection of its network and assets through several other means. These include, formulation of network and data security-related policies for employees working at home will enhance best practices of data security management. A company can encourage remote employees to work using the company’s own devices instead of personal devices (Dhingra, 2016). Regular data back-ups in hard drives can reduce the risk of data access by unauthorized persons. Companies can also protect their networks and resources from breaches by hackers by developing clear policies to guide third-party vendors. Service level agreements with third-party vendors can enhance security to a company’s network and resources. Businesses can improve their network and data security by eliminating any accounts they share with third-party vendors. Educate employees on network safety issues to ensure they understand the risks associated with using public WI-FI connections to access company resources.
Definition And Types Of Insider Threats
Insider threats refer to unintentional or malicious misuse of a company’s resources and information accessed by remote employees. Companies that allow their workers to access their internal network and resources while working outside the office expose themselves to unintentional or malicious insider threats.
Unintentional Insider Threats
Unintentional insider threats occur when an employee endangers a company by innocently engaging in activities that pose threats to the network or informational resources of a company. For instance, remote employees may fail to attend or implement the knowledge acquired from cybersecurity training, thereby posing a security threat to the company’s information and resources (Saxena et al., 2020). Employees working at home can accidentally expose a company to cybersecurity threats if their devices get lost or stolen (Saxena et al., 2020). Sometimes poor decision-making can lead a remote employee to send text or photos with sensitive business information to unauthorized persons.
Malicious Insider Threats
Remote employees with malicious intentions can intentionally misuse the company’s information and resources accessible to them to harm the company. Malicious insider threats can occur in various scenarios. Notably, Employees working at home can intentionally share sensitive business information with unauthorized persons to enable easy cyber-attacks (Saxena et al., 2020). Most malicious threats are committed by employees willing to Trade Company’s information for money. Companies that mistreat their employees may increase their chances of experiencing malicious insider threats as employees seek revenge or personal satisfaction. Employees who stopped working for a company either because of resignation, firing or occupational shift make a company prone to insider threat, especially if the login details are still practical even after they are gone.
Summary
In summary, the outbreak and spread of COVID-19 from 2020 to date compel most companies to obey social distancing rules by encouraging some of their employees to work at home. This measure prompts businesses to allow employees working at home remote access to their valuable data and resources. As a result, companies adopting this move need to make data security a priority. Access controls prove effective measures towards minimizing the company’s risks of data loss, theft, and access by unauthorized persons. However, when a company’s access controls fail to configure employees’ devices effectively, frustration ensues because employees are overworked and disoriented from accomplishing their jobs seamlessly and with official working hours. To effectively secure a company’s networks and resources, turning off the access controls is not advisable because numerous solutions to data and resource protection exist. Lastly, companies that allow their workers to work from home expose their networks and information to insider threats which may be unintentional or malicious.
References
Akanni Adeniyi, W., & O. Fatokun, J. (2018). The risk of data leakages as data grows in information technology-driven tertiary education institutions. European Journal Of Mathematics And Computer Science, Vol. 5 No. 2,(ISSN 2059-9951). Web.
Dhingra, M. (2016). Legal Issues in Secure Implementation of Bring Your Own Device (BYOD). Procedia Computer Science, 78, 179-184.
Saxena, N., Hayes, E., Bertino, E., Ojo, P., Choo, K., & Burnap, P. (2020). Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses. Electronics, 9(9), 1460.
Yuryna Connolly, L., Lang, M., Gathegi, J., & Tygar, D. (2017). Organisational culture, procedural countermeasures, and employee security behaviour. Information & Computer Security, 25(2), 118-136.