Copywriter, Digital Asset Manager, Business Analyst
In the last decade, the business world has seen an unfathomable increase in the collection and use of data in business operations. From tech companies to marketing agencies, data has become a major asset for success. In fact, the increased collection and use of data has made it a billion dollar industry. If you have ever seen the Netflix documentary, “The Great Hack”, then you know that there is now a war for data. On one hand you have the sharing, leaking, and hacking of data, while on the other hand you have people concerned about their privacy being breached.
With all of these concerns, the risk typically falls back on the company. So as remote working has become the latest workplace trend, digital asset management and remote work security will become increasingly important.
Cybersecurity Gone Wrong
In September, a Canadian academic research group discovered that Apple devices were being hacked by an Israeli spyware company. This hack allowed them to monitor and infect iPhones, Macs, and Apple watches without the owner even knowing. As soon as Apple was notified, they were able to create an emergency update that helped block the spyware.
But wait… there’s more.
On Monday, October 4 2021, Facebook, and the companies it owns, went down for hours. It proved to be a configuration error. However, this disrupted the company to such a degree that employees couldn’t enter the building or get into meeting rooms because their Internet of Things was also down. This showed that even advanced companies can be remarkably unprepared for single points of failure.
You may be thinking that those are tech giants. Of course they will have major issues with data breaches, hackers, and failed systems. But according to a 2021 news report from CNBC, small companies, in particular, are being targeted for cyber attacks and data breaches.
So, don’t be blasé about remote work security. Remote work is on the rise, especially for small companies and start-ups. Anything can happen at any moment. So let’s take some time to discuss digital asset management advice you can give your remote employees.
Remote Work Security
Does your company or organization have an existing data management or remote workforce management policy? Check with IT or your data security officers as to what your policy is. If your employer has a proper policy in place already, it will describe security practices that outline what you should and shouldn’t do on a daily basis. It should also describe what to do when things go wrong. Who do you report problems you have to? Who do you report failures you see happening elsewhere to? You might think that no-one likes a snitch, but you know what no-one else likes? GDPR violations.
The General Data Protection Regulation (GDPR) is EU regulation surrounding data management, especially information that enables individuals to be identified. So, if you hold any data on customers or service users, you’re responsible for the management of that data. The penalty for failures can be significant: €20 million or 4% of global revenue, whichever is greater. If you didn’t read Amazon’s July 30, 2021 earnings report, you’ll have missed that they were fined €746 million under GDPR. So, the consequences for getting this wrong can be catastrophic, even if you are an American company operating in the US and EU.
Remote Workforce Management
But what if your company doesn’t have any policies, what should you do then? Try speaking to your manager to see if they’ve received any advice or have implemented a remote workforce management policy. The speed of remote work adoption has caused some companies to lag behind in adopting policy to address all aspects of remote work, so it is very possible that there are not policies set in place yet. So here are a set of principles that you can seek to work by to minimize the risks.
Use and “Protect” Your Company Laptop
For one: Don’t use non-company devices to access company systems such as a Digital Asset Management (DAM) systems or SharePoints.
As you use your company device, be sure to treat it as if it is your baby. If you ever walk away from it in your own home, lock the screen. Otherwise, there’s nothing to stop anyone else from immediately accessing company assets and doing who knows what with them. You might view the risk as minimal, but all you have to do to minimize the risk is press the Windows key + L.
If you’re outside of the office, never leave your laptop unattended. If you’re travelling, take your laptop with you at all times. Yes, that includes the bathroom. Don’t leave it anywhere.
If your laptop uses a smart card, remove it and keep it with you at all times. Failure to do so creates a security risk. Single Sign On (SSO) is convenient, but should you lose the card with the laptop, then that creates a significant security risk.
Don’t download it
Unless you need to edit it, don’t download it. If you download an asset from a DAM system or SharePoint, then that increases the risk of accidents happening. That could be accidentally attaching it to an email, someone else in your home gaining access to it, or just generally losing track of it. Those risks can be avoided if you leave the asset where it is and preview it in its repository. If you ever download an asset (for some reason) delete it as soon as you’re done with it, and empty the recycle bin afterwards. Don’t leave it lying around anywhere.
Who are you sharing it with?
Systems like DAMs have share functions so you can share assets with other users directly from the system. They’ll then receive a link enabling them to view or download it. When labor has been outsourced or you have agency partners, this is another potential failure point because you’d be sharing the asset outside the company. So, you should consider whether you should even share it with them. If you genuinely need to, make use of your DAM’s capability to limit that share so that they can only view it, and you should restrict how long the share is active. If you can set it to a minimal period such as one week, do so.
Some companies even have a particularly rigorous policy on this: don’t share assets outside the DAM or you’re fired. This isn’t extreme, it’s gold standard.
Remember: this asset belongs to your employer, so every time you share it, you’re sharing company property.
One of the pleasures of working remotely is the potential freedom to work anywhere that you can sit and connect to the internet. However, your connection to company systems should still be secure, and this is where many wi-fi connections could be lacking. Some city level wi-fi connections can be completely insecure. Given this, if you need to connect, make sure you use your employer’s Virtual Private Network (VPN). If your employer doesn’t have one, just wait until you can get on a secure, private wi-fi.
I Screwed Up
What happens when something has gone wrong? Don’t worry. It can happen.
If you shared an asset with the wrong person, find the unshare option as soon as possible. Your DAM should have such an option. If you can’t find it, speak to your company’s DAM manager(s). A mistake such as this can be rectified, but only if you own up fast.
The longer the asset is out there, the greater the risk becomes. So, take care of it now before it’s too late. Sure, you may get dressed down by your manager, but as uncomfortable as that is, it’s still way better than being fired.
If you lost your laptop and/or ID card, again, own up immediately. Your company IT can close your account to prevent security breaches using your ID. But again, the longer you leave this, the greater the risk to the company first and then to you.
These basic principles cover a lot of the potential issues that can occur. If your employer doesn’t have data security policies for remote workers, then they should. This need is even more pressing if they hold data that enables people to be identified.
If your company has no policy then ask yourself:
- Is there an opportunity for me to create a basic policy that I can present to my manager?
- Is there an opportunity to encourage my team to abide by the standards that we set?
- Can I get my team involved in drafting a rigorous team policy?
That way, even if the rest of the company plays things fast and loose, you at least know that you and other remote workers you collaborate with are on top of any problem that could arise. If everyone else wants to walk the company into the abyss and you can’t stop them, then that sucks. However, you at least can maintain a high standard.