PROVIDENCE – The International Association of Information Technology Asset Managers, the professional association for IT asset management and related companies, warns against data risks specific to coronavirus concerns.
Many companies and agencies have their employees working remotely now, said IAITAM, and more are likely to do so this week.
“The impulse to send employees home to work is understandable, but companies and agencies without business-continuity plans with a strong IT asset-management component are going to be sitting ducks for breaches,” said Barbara Rembiesa, CEO and president of IAITAM, in a statement.
In a press release, Rembiesa cites a 2015 IAITAM report showing that 17% of U.S. Securities and Exchange Commission laptops were not where they were reported to be, with 22% having incorrect user information. The SEC Washington, D.C., office sent employees home to work recently with a coronavirus case discovered in the agency’s headquarters, according to IAITAM.
The association recommends these steps for companies that are having workers do their jobs remotely from home due to coronavirus:
- Sign out and track all IT assets that are taken off-site.
- Ensure solid firewall and passcodes are in place to access company systems.
- Have employees sign a nondisclosure agreement regarding data they will access outside the office, which is often more valuable than the devices on which it is contained.
- Provide employee training on responsible management of equipment and company data, such as not sharing a personal smartphone with a spouse or child during this time.
IAITAM notes that without proper safeguards in place, companies will have little information on devices used to conduct company business or who is accessing it.
Businesses that don’t require workers to operate through a virtual private network, or VPN, will rely on personal Wi-Fi systems “that may be entirely insecure and/or already corrupted. Unprepared companies may also find that their VPNs are unprepared for a tidal wave of outside access,” according to IAITAM.
The association also notes that the longer employees work remotely, the bigger a target they can be to phishing attacks and other breaches. And when employees do return to work, sensitive data can remain on their personal devices.
“This creates a huge risk if the personal device is ‘handed down,’ sold to a third party or improperly disposed of,” according to IAITAM.
IAITAM is based in Canton, Ohio.
Susan Shalhoub is a PBN contributing writer.
