As per government directives worldwide, many businesses have shifted to remote working to protect their employees from the threat of COVID-19 whilst continuing to serve clients. However, relying on digital platforms to continue critical business activities and daily operations have left many open to the risk of cyberattacks. There are several measures that business owners should consider in order to prevent hackers from exploiting these uncertain times.
What is going to be the knock-on effect of COVID-19 in the work-place when it comes to data protection and cyber security?
There are four main concerns over the fundamental and permanent changes which homeworking and COVID-19 have raised:
- What type of data is being created? Many employers are now required to check temperatures and symptoms of their employees. This highly sensitive medical data was rarely collected pre-COVID and in some cases this information now has to be shared remotely.
- Where is the data stored? It is now on people’s home networks and personal devices. This creates a lot of data protection and security issues with end devices.
- How (if at all) is new software being vetted? In light of the speed at which the pandemic took hold on a global scale, many have adopted new services and technologies to aid isolation without the proper privacy and cybersecurity checks which we would have taken place in normal times.
- How long will this last? Will these emergency measures become the “new normal”, as was the case after 9/11 and other terror attacks.
Employers wanting to mitigate these risks should:
- Minimise the data they collect on employees in order to remain compliant. Consider whether the data is essential to your goal, and whether this goal can be achieved in another way. For example, studies have shown that simply asking people about symptoms is a more effective data collection exercise than insisting temperature taking.
- Be transparent with employees. Communicate what data is being collected and how it will be used.
- Consult with privacy professionals. It would be a mistake to assume that the global health emergency has automatically led to a relaxation of privacy regulations. Taking professional advice will ensure that employers are up-to-date and remain compliant.
What privacy and data protection trends have arisen as a result of the global crisis?
For the first time, regulations like the GDPR are being stress-tested. Two years on from its launch, the EU is adamantly upholding its privacy regulations and is exploring ways to work within the framework of GDPR to help end the pandemic while protecting fundamental human rights to privacy. Hungary has been the only outlier and has suspending certain rights afforded under GDPR in order to combat COVID-19, however the move has been met with heavy criticism from EU regulators and is not representative of a wider trend within Europe.
What is your best piece of advice for businesses to take away and think about during these times?
- Do not assume that the measures your country has taken to deal with Covid are those that were taken universally (especially if you are in Israel).
- Be vigilant when considering heightened cybersecurity risks. For example, when introducing new collaboration and communication software such as Zoom or Microsoft Teams, consider if the platform has had exponential growth during the health crisis. Many such platforms have introduced new features following their increased popularity, but these updates have raised concerned over privacy professionals for lack of compliance and weak security.
- Document everything in case of a data breach. If the regulators come knocking, you will need to prove that you did everything possible to ensure a high standard of data protection.
Key take-aways from the webinar on why your 2020 priority should be cyber-security