Tips for employers to protect company data this Data Privacy Day
By: Barry Cook, Privacy & Group Data Protection Officer, VFS Global
27 January 2021: In the recent months, cyber-attacks have risen to become one of the biggest threats to the digital health of corporations – with even the most heavily protected businesses becoming vulnerable to data theft. According to research by Kaspersky, Africa has faced ‘millions of cyber attacks’ in 2020. In South Africa alone, there were almost 10 million malware attacks and a staggering 43 million PUA detections which is apparently more widespread but also more potent than traditional malware.
These not only pose a threat to sensitive company data, but also cause serious loss of production time, man-hours, revenue, while impacting the company’s reputation and inviting potential regulatory fines. It is therefore imperative to ensure you brace your company and employees with preventive measures to minimize such risks, instead of preparing to deal with consequences.
With close to a year of ‘work-from-home’ under their belts now, the remote workforce across the globe has started getting comfortable in their new living room-offices, and some companies are making this permanent. Along with work, entertainment, shopping, education, socialising – activities that would have earlier required one to step out of the house, have been brought, quite literally, into the palms of our hands, through our phones and laptops.
As we have graduated to living lives online with streaming services, e-commerce, e-learning, and social media – we have also made ourselves increasingly vulnerable to cybersecurity threats and cyber-criminals have responded to this by shifting their focus to attacks on mobile devices. In the work from home scenario, data protection is becoming an increasing concern. Without the protected IT framework of an office, systems and their data can become vulnerable to malicious forces such as phishing and click-bait.
Today, there are various simple ways in which corporations can ensure that employees remain secure while working remotely, keep company data safe, and have a healthy digital experience as they navigate their new work-lives from home. This Data Privacy Day, here are a few ways that companies can go about doing so, without overwhelming employees with complex directives and regulations.
Is your data as secure as your home?
With our homes doubling up as offices, people are now increasingly using the same set of devices for both work and recreation – this puts not only their personal information at risk, but also risks exposure to sensitive company data. Physical security, firewalls, anti-fraud measures – these were all far more effective when everyone was accessing official data at work, protected with enterprise-level security, but not anymore. One of the most common downsides to working from home is unsecured Wi-Fi networks. While your employees are physically in the office, the company IT department can control the security of the Wi-Fi and LAN networks that are being used. Since home Wi-Fi networks may use weaker protocols (WEP instead of the more commercially used WPA-2, for example), it not only makes devices directly vulnerable, but also exposes them to hacks on other personal devices connected on the same network, such as mobile phones, digital assistants, smart appliances, etc.
There are a few ways to avoid this. Companies should issue advisories around router protocols that are the safest to use while working from home – i.e., a WPA-2 or higher, and ensure that employees assign it strong passwords that are frequently updated. Regular and comprehensive trainings must be provided to all employees to educate them on how to identify and mitigate threats to data security, and to secure systems in remote working, in line with the relevant laws that are followed by the organisation. There is also merit in providing them with simple instructions or training in creating separate subnets for each home device that uses their home router, to ensure that even if one of their devices is compromised, the others remain secure.
Don’t let data get caught in the phishing net
Another leading cause of data breaches, especially in recent times, is phishing scams. Taking advantage of people’s anxiety to know more about the COVID-19 crisis, there have been several instances of fraud emails and SMS messages linked to information about COVID being shared. This is a common strategy used by scammers to hoax unsuspecting people under the guise of sharing important information and data, followed by infecting your device with ransomware. With the lack of robust firewalls by home networks, this can unfortunately be a common occurrence. This can be remedied via simple “Think before you Click” instructions issued to employees, starting with emphasising the importance of double-checking each link they click on. As a company policy, while using official email, any links or attachments received from an unknown sender, should not be clicked on at all. A handy tip to share with employees while looking for fraudulent emails is to check the way it’s written/formatted – if they have obvious typos, grammatical errors, or misspelled words – one should avoid them.
Ensuring closed-door meetings
The most significant tech adoption for companies adapting to work-from-home has been using video calling software for team meetings – which means a proportional increase in the potential for trouble as well. These platforms, if not used correctly, can very often be unsecured and open to uninvited guests, which is anyone with a meeting link, thereby providing adept hackers a gateway to an employee’s system and the data it houses. However, there are simple solutions to ensure your official meetings remain secure and the data on the systems remain protected. Meeting hosts should ensure they “lock” their virtual conference rooms, or password-protect each meeting, and not share meeting links on open platforms such as social media so as to avoid virtual gate crashers. Company policy for remote meetings should mandate the updating of video calling software regularly so that it’s equipped with the latest security upgrades and bug fixes.
Although this period of working remotely have made most of us semi-experts in wielding technology, doing so correctly is key, especially when organisational data is in the mix. Corporations need to be vigilant in their approach to data security, educating and monitoring employees regarding network security, usage of work devices on unsecured routers, inactive accounts lurking in the corners of the internet, and the latest software upgrades. Now that remote working is here to stay for the foreseeable future, these handy tips and a little foresight can ensure round-the-clock security for both your company and employees.