Given the strange situation we all find ourselves in at the moment, with so many people suddenly working from home for the first time, organizations have had little time to prepare for the consequences that may arise from an increased risk of cyber attacks and data breaches. Their data may not be where it should be, or protected to the same extent as it normally is. It is likely that many employees will continue to work from home for many months, if not forever.
All organizations should be looking at a few key areas:
Robust systems and robust processes are a requisite part of good data management and therefore good data security.
What should you do?
To continue working with a widespread workforce, many organizations uploaded much of their data (files, databases, documents, etc.) to “the cloud” in a very short space of time early in “lockdown”.
As a result, a review of the business operations should be undertaken to determine how data have been affected, and how the policies and processes may have been abandoned or compromised.
What changes have been made since lockdown and remote working?
These are all areas that require attention by staff and the board of directors.
Working from Home
If your staff are using their home Wi-Fi to access your systems, consider the risk that other mobile devices on the home Wi-Fi network may be infected, which may lead to other computers or devices on the network being infected as well. If that risk becomes a reality, there is a further risk that the home computer used to access your systems, even via a VPN for example, may infect all the other machines in your business as well. It is unlikely that the security measures taken at home are as comprehensive as in your business, so a family member’s computer is more likely to be compromised.
Sharing the home Wi-Fi network does increase the vulnerability of a work-related computer.
The following measures can mitigate the risk:
In summary, work-related computers using home Wi-Fi networks are at risk of being infected over that home network from other computers or devices, as they may not all have the same level of security you would have at work. The consequence may be that, when subsequently connected to the work network, the computers that have been connected to home Wi-Fi networks may infect the rest of the devices connected to the work network.
So you must mitigate the risk to all data – commercial and personal – residing on machines that are connected, starting with the work-related computers used at home.
Business continuity
But is the organization ready for this?
It is critical that robust systems are in place together with the right policies and processes to protect the key company assets, e.g., data.
Having a senior accountable officer responsible for Data Protection (or outsourced support) is key, as is training of the personnel.
Many organizations are opting for an outsourced managed service which offers a simple, frictionless way to identify and protect all their data, wherever it is.
A final thought: if you do suffer a data breach and / or cyber incident, are you ready to respond appropriately and in line with data protection regulations?
It is essential to train staff so that, ideally, they know how to mitigate data breaches and also how to manage them. They need to be able to recognize a breach: data loss can be accidental or careless as well as malevolent.
Your organization needs an Incident Response policy and program, with backup and recovery together with a compliance and notification procedure. However, the key priority for all organizations is: know where your data is. You cannot protect what you cannot find.