REDUCING RISKS FOR BUSINESS
David Goodbrand says that the Information Commissioner’s Office has offered clear guidance during the pandemic and that organisations should look at it closely. The public body advised:
I Carry out data protection impact assessments whenever your organisation introduces new technology or applications.
I Protect and update: Use anti-virus software and ensure updates to operating systems are automatic to ensure you are using the latest version.
I Be sensible at home: Don’t have sensitive conversations out loud in outdoor areas, such as the garden or the front door, and don’t leave confidential documents lying around to
be seen by any visitor to the residence.
I Avoid printing sensitive documents at home if you
can avoid it; if not, store them securely and use a shredder, or another method of rendering them unreadable, to dispose of them securely after use.
I Step up employee training and policies around data privacy and home working – communicate these policies clearly to all members of staff.
I Ensure the privacy of personal devices with a virtual private network – then closely monitor its usage, capacity and availability.
I Get expert help when you need it – but above all else,
look to change your working culture in the long-term to make data security fundamental to your business.
   there could be a price to pay for a general lack of focus on data securi- ty issues arising from home working.
“People were so focused on get- ting up and running that many sent employees home with a laptop and didn’t think much about it. Then issues like furlough and restruc- turing took over and data security stayed well down the priority list – even for many larger firms,” she says.
“We’re now starting to see prop- er risk assessments, and employ- ers really need to focus on training and policies and examine how home working will impact on employees.
“So far there have been very few cases arising from data breaches by employees. I think we’ll see things coming through, especially as many employees will continue working from home.”
Goodbrand says there is evidence
The move to working from home has seen problems arising from the use of software, such as that used
for video calls, that does not always have the highest levels of security. Picture: Shutterstock
that larger firms, even in key sectors like financial services, were not well- prepared for home working – and that a lack of bandwidth and infra- structure meant staff had to work at different times of day to cope with low capacity.
Adarma has recognised this issue too. Shannon says: “When virtu- al private networks (VPNs) are at capacity and disconnected tempo- rarily as they struggle to cope with the sudden rise in demand, this could leave company assets vulnerable to staff looking for insecure worka- rounds.”
The lack of sharp focus on data security has also not been lost on the online criminal fraternity.
According to Adarma: “Threats are constantly changing and with clear intelligence on new Covid-19 related phishing and malware
attacks, we see risks increasing further.”
Goodbrand also notes that there has been a big increase in attempted cyber breaches.
He says: “There has been a rise in push-payment fraud [where fraud- sters deceive individuals into send- ing them money, often by posing as a representative of a bank] and that seems to be increasing, although we haven’t seen definitive figures yet.”
This has led to a huge demand for support from cyber security busi- nesses, but Goodbrand stresses that good practice needs to start at home, saying: “The big change needs to be in the culture of businesses – both selecting the right technology for your business and embedding good practice alongside that. Firms need to be proactive and not just reactive after a cyber breach.”
23