The impact of the COVID-19 pandemic is already being felt in many ways. The world has been forced to adapt quickly, with a significant number of people now working remotely or at least partially so. This includes both employees who are currently not able to go into their offices as well as those that have had to do this for some time due to business closures. In addition, there is also an increasing number of companies moving towards remote working arrangements with employees requiring remote access to an organisation's network. This brings about new security risks that organisations have to be mindful of.
With the present situation, it seems likely that we will continue to see businesses having remote working arrangements going forward. However, organisations must remain vigilant about data protection and cyber threats, exercise good cyber hygiene and implement the right data protection practices.
In order to protect personal information, organisations need to ensure that all relevant policies and procedures are followed when handling sensitive customer data. For example, if your organisation is using cloud services then it is the organisation's responsibility to ensure that the accessibility and storage of the data is secure. If your organisation uses third-party software applications on your network then there is a need to check whether any vulnerabilities exist that could allow hackers to gain unauthorised access to the organisation's systems. The organisation can consider implementing additional security measures such as increased adoption of secure technologies, ensuring that employees have strong passwords, multi-factor authentication, encrypted storage solutions and so forth.
The diagram below illustrates the overlap between privacy and security where confidentiality, usage and access is the common factor between the two. From the privacy angle, we look at the collection, usage, disclosure and storage of data. On the other hand, the security perspective is focused more on intelligence and governs the area of unauthorised access to the organisation.
Amidst the pandemic and the remote working environment, we have observed and collated several data protection and security threats trends amidst the pandemic and remote working environment:
To combat these issues, organisations should consider re-evaluating their risk areas to ensure that most if not all the organisational risks are documented appropriately and raised to management, particularly in this new, ever-changing digital environment brought about by the pandemic.
Organisations could start from the diagram below as a checklist of critical areas where risks arise. It is vital for the activities in the collection, usage, disclosure and storage to be correctly identified so the appropriate measures can be implemented to mitigate the risks.
From the information security perspective, controls are needed to be put in place to ensure that there is no unauthorised access to the data within the organisation. Examples of these controls include:
The DPOinBOX software is an example of a tool that allows a data protection officer (DPO) to identify the risks in an organisation ranging from compliance risks to inventory and even process or project risks. There are also modules within the software that takes the DPO through the process of managing a data protection management programme:
If you are interested to find out more about DPOinBOX, feel free to contact us via sales@straitsinteractive.com to speak to our team.
The content above was developed utilising material from our webinar held on 5 August 2021, if you would like some quick points of what our speakers have to say, click here to view our webinar summary.
Well, this was going to happen at some point in time in the world - with the ex…
In the wake of major breaches, the Public Sector Data Security Review Committee…
Now that we are starting a new year, we can reflect on a few compliance trends …
DPEX Network is a Community Initiative of Straits Interactive.
Copyright © 2024 Straits Interactive Pte Ltd. All Rights Reserved.
All intellectual property rights to logos and brands featured on this website remain the property of their respective owners.