We're able to provide support remotely and this is an ideal time for many to take the opportunity to review Privacy & Data Security policies, compliance with GDPR & engage in some staff training. Get in touch - we can help.
Covid-19- increasing data security risks
The rush to get staff set-up for remote working from home was for many businesses a challenging time and a new concept to them. Staff equally were thrown into a working environment which was alien to many and inevitably one with potential risks in their handling of both personal & commercial data.
Remote working comes with many risks to the security of data, if not implemented with its protection firmly as the priority.
Having now gone through the initial stage of getting staff up & running, it would be advisable to review those arrangements from a data security prospective.
Our post 17th March focuses on considerations for Homeworking and the relevant data security aspects of it - this will help with appraising your current controls - See related News articles.
Furloughing staff responsible or critical to data protection?
Many businesses have already furloughed large proportions of their workforce, in a bid to ride out a period of unstable revenues; but what about those with data protection roles?
The legal and commercial aspects of data protection at all times has not disappeared under the current circumstances.
Now more than ever the role of a Data Protection Officer or equivalent could not be more important.
Many businesses have a legal requirement to appoint a DPO and cannot simply disregard the responsibility. Whilst the current DPO could be Furloughed, a named replacement would still have to be in place and working. This may not be as simple as it sounds, as the replacement would still need to meet the criteria of a DPO; with the need to be Independent from decision making around policy & investment for data protection a particular concern.
Equally the furloughing of staff critical to maintaining both IT and physical security controls, assuring secure homeworking arrangements and monitoring performance; would lead to a vast increase in risk and worse the potential for a breach.
Clearly there is potential for some significant issues if data security and legal compliance isn't considered sufficiently, when determining which staff need to be furloughed.
Prior to the pandemic outbreak, phishing was the most likely cyber threat business would encounter; with the UK reportedly more prone than other EU countries. Cyber criminals have seen Covid-19 as a great opportunity for effective phishing attacks, increasing significantly their efforts and exploiting users susceptibility to Covid related news or products.
Successful phishing attacks have the potential to cause a wide range of data protection issues for business and ultimately at a cost which is unwelcome at any time; but even more so now.
Staff working remotely and without those constant reminders of these threats and close support; can be particularly vulnerable to them.
In response Aversus is offering free phishing tests to businesses during this period of restriction.
Informing staff that they will be tested will almost certainly help keep them vigilant and give opportunity to gauge their vulnerability. Those falling prey to the test phishing mails will also then be able to learn from the experience.
This offer comes as part of our Charity Phishing Challenge & the full details of this can be found in the related article - 'Charity Phishing Challenge'.
News Round Up
ICO Launch Covid-19 guidance which can be found here:
Marriott Hotels - Breached again !
Already facing a potential fine of £99 Million , the group has again fallen prey to a hacking event. The latest breach affects 5.2, million customers using its Loyalty App & whilst the data accessed was not as sensitive as the early breach; this again highlights some troubling security issues.
Zoom - Concerns mount about security
The popularity of this video conferencing platform has blossomed with the pandemic; with many organisations using its free services.
However, there has been a series of security inadequacies detected and exploited over the last month; which are now widely hitting the headlines. The security problems range from inadequate encryption, insecure storage and illicit data sharing.
The company has repeatedly had to patch flaws uncovered by hacking events and pull some of its Apps.
If you use this platform it would be advisable to review the type & sensitivity of the data currently shared across it or even stored with it.
Please get in touch with us if you need support with any of the topics covered above:
Thank you for reading!