Steps to prevent data breaches during COVID-19


One of the defining characteristics of the coronavirus pandemic has been the sheer number of people forced to work from home to help minimise its spread.

And despite the UK being at a critical point in terms of keeping the disease at bay, the signs are that more and more of us will continue to operate remotely for a good while longer – in some cases indefinitely.

However, this poses serious questions about online security, particularly around how a company’s data is protected with so many people accessing shared IT systems from a distance.

While we at ClearPeople work with some of the leading global tech businesses, the question of how to protect your company data is just as relevant and critical for companies of all sizes no matter the sector in which they operate.

Our Atlas solution sits on top of Microsoft Office 365; however, the principles of data security can be applied across any network.

First of all, it’s imperative that your company data is open and accessible to your compliance and information security teams so that they have an all-pervading overview and visibility of what’s happening within the organisation.

To put it simply and bluntly, if that visibility is not available how are you going to know when something has gone wrong? So, make all your data open and available so you can track exactly what is happening within the organisation.

Continuing this theme, ensure that effective communications are set up within your IT ecosystem in order to discourage the use of third-party apps, such as WhatsApp and Dropbox. As useful as these apps are, they are in no way a safe channel when colleagues are discussing confidential company and client information.

Next, make sure you have effective oversight in place to ensure that those who are working from home are kept up to date with the latest policies relating to remote working. For example, unlike the office environment, you have no way of controlling who is in that remote working environment, so you might want to draft a new policy to guard against that potential data breach.

However, it’s one thing to write a policy about new practices whilst employees are working from home, but it is just as vital for those involved in protecting information to have a robust reporting system in place to underpin that activity. 

As an information security or compliance officer you can say “here are the new practices you must adhere to while working from home” but, in addition, you will need to have a reporting process in place to indicate that the message has not only been received by the right people, but that it has been read and understood – this is a huge issue for compliance.

It’s also important to remember that even though technology is a great enabler for data security, it is nonetheless dependent on people to use that tech correctly. For instance, you’ll inevitably have new starters and leavers, so make sure there is a way to monitor what data they can access and whether they have permission to do so.

If and when there is a breach – a typical example with homeworkers is when data is downloaded to a private PC – then you must be able to see in an instant not only who has access to that data, but who they are collaborating with within the organisation. For all you know there could be a whole team working together to compromise your security.

Homeworking is nothing new, but the speed with which the coronavirus pandemic has forced hundreds of thousands of workers to carry out their jobs remotely means business owners and decision makers need to think long and hard – but as quickly as possible – about how they protect themselves and their clients from potentially disastrous data breaches.

Getting the basics right and putting in place policies and procedures that are open, accountable and easy to understand should go a long way to ensuring your confidential data remains just that – confidential.

 

By Stephen Bedford of ClearPeople

