When remote working suddenly became necessary for many people due to the COVID pandemic, organizations could be excused for overlooking the new security risks introduced by the urgent switch to a remote operating model.
But COVID’s unforeseen and rapid impact left many security questions about remote working unanswered. Were company policies on information security being enforced? Were GDPR and other compliance obligations being reliably met as workers receive, share and process sensitive data while working remotely? Was the risk of fraud or data loss being adequately managed?
In this article, I look at common security issues created by remote working and advise how Lithe helps its customers avoid them.
Remote working compounds email risk
The dangers of email
In its Cost of a Data Breach Report 20211, IBM highlights email as the most expensive risk of data breach. At an average cost of $5.01m per breach, email represented the mostly costly type of data breach in 2021.
This is a wake-up call for anyone relying on email as a remote working tool. Not only is $5m per breach a staggering cost per breach but the report also shows that on average it took 238 days to identify that a breach had occurred and a further 79 days to contain once discovered. In addition to the enormous financial cost, the huge reputational risk and potential loss of valuable clients is all too real.
If you are relying on sending customer-related documents and sensitive or confidential information on a channel as open to loss and fraud as email, you are risking the same type of breaches and the same scale of losses.
Why is email such a terrible choice for secure distribution of documents? Because the openness of email allows too much opportunity for sensitive or confidential information to be incorrectly handled – whether deliberately or accidentally.
Email made worse through remote working
The Egress Insider Data Breach Survey 20212, which interviewed 500 IT leaders and 3000 employees in the UK and US, found that human error was at the root of nearly one quarter of data breach incidents, with 24% occurring due to employees sharing data in error.
59% of IT leaders report an increase in email data leaks since the start of the pandemic, 95% of IT leaders believe that client and company data is at risk on email systems, and 85% of employees are sending more emails due to remote working, according to the report.
43% of breaches occur when someone is rushing and makes a mistake, the report indicates. For many remote workers, whether at home, in transit, or on the road, rushing and mistakes become more likely. It’s too easy for error-prone humans to send an email containing sensitive information to the wrong recipient, either because they have a similar name to the intended receiver or simply because “fat fingers” are in too much of a hurry.
The problem with email is that it allows these security breaches. As remote working has amplified the risks, it’s time to put a stop to them.
3 steps to safety
Step 1: Review and change ‘scan to email’ projects
The first step to reducing the risk of email is to review current operations that unnecessarily and unsafely rely on email – then mitigate those operations by removing your reliance on email distribution.
If your organization relies on a Digital Mailroom solution which digitizes inbound mail and important business documents and then sends these to intended mail recipients via email, you’ve identified a quick win for risk reduction. Continued use of email leaves you open to unacceptable but avoidable risk of loss or fraud and increases the probability of data breach in your company.
By using the Lithe Digital Documents instead of email, Lithe’s customers remove email as a transport or distribution layer but continue to use their existing document scanning technology to achieve a secure Digital Mailroom solution that meets the needs of remote and hybrid workers.
Available in your own cloud or as a Lithe hosted solution, Lithe Digital Documents provides a secure platform for sharing documents within your organization providing full transparency on each document’s lifecycle and control over who can receive, view and forward documents.
Step 2: Make remote and hybrid working secure – it’s here to stay!
Remote working is a reality that will be with us for the long term. Many people will work remotely 100% of the time. Many more will embrace hybrid working, where some time is spent in an office but much of their working life is spent at home, in transit or “on the road”.
Organizations need actively to embrace this reality and implement suitable controls that remove the risk of accidental data breaches but also provide remote workers with an easy-to-use system which supports more flexible working arrangements.
Lithe Digital Documents provides controls that improve security by removing the risk of mistaken email routing. By closely controlling and automatically linking to company-managed distribution lists and enterprise security standards, Lithe stops unauthorised distribution or sharing of sensitive and confidential information.
To also meet the convenience and ease-of-use needs of remote workers while ensuring security, Lithe Digital Documents makes documents available on smartphones, tablets, laptops, and workstations without lessening of security standards.
Why is all this important? As I’ve noted above, a large percentage of data breaches occur when someone is in a rush and makes a mistake. Homeworkers are often juggling work and home duties so the risk of rushing and making mistakes increases. Hybrid workers in transit or “on the road” are frequently subject to distraction and interruption. Security and ease-of-use features must follow the worker, wherever they are, whichever device they’re using, and regardless of any distraction that introduces risk.
Step 3: Bring transparency to who does what with sensitive data
You need to demonstrate compliance to security and privacy policies, but email systems fail to deliver the audit trails, lifecycle management, and transparency required. Depending on the requirements of your industry and organization, you need to record a timestamped log of all activity related to a document. For management and compliance purposes you need to know, for example, who looked at the document, when, who forwarded it to which colleague, who changed what data related to that document, and more.
Common email solutions provide only partial compliance reports and these are often held for only 180 days, even though, as I’ve noted earlier, the average time to identify an email breach is 238 days. In addition to its security shortcomings, relying on email leaves a compliance and management gap that represents an unnecessary risk your organization doesn’t need to take.
Lithe Digital Documents product retains a full audit trail for each document and is built to meet the retention and audit requirements that email systems fall short on. Not only does Lithe control the authorised list of people to whom documents can be sent, it also creates an audit entry every time an authorised person views a document, forwards it to a colleague or updates status to record that the document has been processed.
Lithe also makes it easy to implement the document retention policy you need. Configurable by document type, a full audit trail is retained as documents move into an archive state and are automatically retained and deleted according to the policy your organization requires.
If you have implemented ‘scan to email’ solutions or are regularly sending sensitive documents via email around your organization, it is time to recognise the tightrope you are walking on. Numerous studies highlight the prevalence and cost of email data breaches and the fact that remote and hybrid working increases the risk of costly loss and fraud related to email use.
Act now to increase the security of your remote operations by contacting Lithe for a demonstration or free trial of Lithe Digital Documents. We will gladly invest the time to discuss your needs and help you remove email as an entry in your corporate risk logs. Lithe Digital Documents is a no-code, no-disruption solution that you can implement within a week. Let’s talk.