Staff at an educational institution were required to use a VPN while working from home. The VPN, which typically started with Windows login, blocked several personal cloud services like Dropbox. During COVID, users were allowed to disconnect the VPN due to network issues caused by the sudden shift to remote work. However, after upgrading the infrastructure, the university IT staff forgot to remove this privilege.
When the university adopted a formal work-from-home policy, they implemented GuardWare INSIGHT to monitor user activities. In the first week, INSIGHT flagged a large volume of file transfers to non-corporate websites and personal cloud services. While high data transfers were expected for a research institution, the sheer scale was alarming, especially since it included sensitive data such as course assessments and student mark sheets. This was surprising because the university’s firewall had not detected this activity.
Further investigation with GuardWare INSIGHT revealed that users were frequently turning the VPN on and off. The university adjusted the configuration to ensure the VPN remains active at all times. They also activated GuardWare’s automated education module, SASI, which alerts and guides users on risky actions involving sensitive data, helping to prevent future breaches.
