Data protection compliance for organisations has been put to the test over the past couple of months as many employees settle into the routine of working from home.
Maintaining compliance was already a struggle for many before Covid-19, and it is now even more important that they are aware of the potential risks. Employers must still ensure the protection of personal data and of individuals’ rights.
If you have customers and employees, then there is a good chance you handle and store personal data – at the very least this includes names and addresses.
The Information Commissioner’s Office (ICO) made it clear that, even if it were to take a more flexible approach, organisations cannot simply sit back and do nothing. Employers are collecting a considerable amount of personal data which falls within ‘special categories of personal data’ and is subject to stricter compliance requirements.
Data security risks
Data security risks have risen significantly with the increase in employees working from home.
More than 80% of data breaches are down to human error, which means that many businesses are clearly struggling to ensure staff follow good security practices.
Now fraudsters looking to exploit the vulnerability of businesses are on the increase. The fallout from coronavirus-related breaches may not become clear for weeks, months or even longer. Research has found that 79% of people would reconsider using a company they knew had previously suffered a data breach. The reputation of a business is at risk if it does not handle its data correctly. Here are the top security issues to consider if you now find yourself working from home:
Using online video calls and video software
Zoom is just one of several popular online conference tools that employees have been using to stay connected. But all screensharing apps have vulnerabilities if they are not used correctly and the right security protocols are not adhered to.
Meeting calls that are not secured by a password can be easily attacked by hackers. Businesses must ensure their teams only send meeting invitations with an associated password – especially if the meeting involves sensitive information. This includes financial spreadsheets, HR files and CRM databases. This will also limit the risk of a data breach. The use of a strong password created by a random password generator will help to provide a link which cannot easily be hacked.
Using company equipment
Most employees will have been loaned computers and other devices to use while working remotely. Companies need to carefully consider potential risks and understand how they can be mitigated.
If employees are not using a virtual private network (VPN) to access shared company assets, then maybe now is the time to do so. Home Wi-Fi networks are not likely to be as secure as a work network. Using a VPN will help to protect the connection. Without one, services could be left exposed to hacking and data to unauthorised access.
Another common risk is the standard of PC security software. Employees may find their home PC is faster than the work laptop they have been given to use. Maybe they have used a USB stick to transfer large files back and forth between the PCs to speed things up. Clear protocols must be in place to prevent such practices.
Whether it is web security gateways, cloud security defences, encryption, or anti-malware applications, the reality is that significantly fewer of these are likely to be available at home or, if they are available, they could be poorly configured. The use of one-time codes sent to trusted phones, or of a one-time PIN generation app, can help.
You can reduce the risk of breaches with effective training. In turn this will avoid fines from the Information Commissioner’s Office and the potential reputational damage that follows.
A staggering 90% of the 2376 cyber-breaches reported to the ICO last year were caused by end-user mistakes. With the rise in homeworking, this figure is likely to rise dramatically over the coming months.
Sending emails to the wrong recipients, downloading a malware-infected attachment or failing to use a strong password are all ways that human error could ultimately lead to a data breach. Many of these lapses in judgement happen due to lack of knowledge, or because the employee is tired, distracted or not paying attention.
Working from home has opened the floodgates to an increase in all forms of data transmission back and forth between remote employees and their office. The result is that data security risks have risen significantly. There is no better time than the present to raise the security awareness of employees through training. Effective training to minimise the risks will remind people about good remote security practices and help them remain compliant.
About the author: Nicola Hartland is CEO of iCaaS.
A serial entrepreneur, Nicola Hartland is the CEO and co-founder of data protection software business iCaaS. She was recently chosen as a mentor within the 2020 Santander Breakthrough Women Business Leaders’ Mentoring Programme.