Cyber Tips for Covid-19
During the pandemic, we are facing a paradigm shift toward working from home as the rule rather than the exception.
Organisations are scrambling to deploy managed devices to their staff and we will see a rise in the number of employees using their own devices for home working. Here are 6 tips for staying cyber-safe during this time.
- Manage Risk: assess risks and mitigate vulnerabilities, both independently and among key supply chain or service partners.
- Business Continuity: to what extent are you following your BC Plan? This is a good opportunity to review it, in relation to how well it has worked.
- Be wary of phishing attacks: raise awareness with your staff that there are criminals pretending to provide pandemic updates or pretending to be utility providers offering free services.
- For remote working, consider and remediate:
  - Licensing implications
  - System capacity
  - Authentication mechanisms
  - Endpoint security
  - Physical security of home offices
  - File sharing methods
- Collaboration tools: understand and identify use cases and clarify which tools should be (and should not be) used for business purposes.
- Communications: Be clear, concise and transparent with communication to customers, partners and employees. Limit misinformation by only using trusted resources such as the WHO.
A set of guidance is available from the National Cyber Security Centre.
Covid-19 has affected companies in extremely different ways. Some have effectively shut down whereas others are experiencing a peak in demand and workload.
For those smaller organisations whose work has slowed down, but who still want to be productive, here are 5 things that you could be doing to shore up your data protection compliance levels.
- Review your Data Protection and Information Security policies. Make use of templates and recommended best practice.
- Document all your technical and organisational security measures in one place. This will streamline your ability to respond to an audit or fill out security due diligence questionnaires.
- Review your Record of Processing Activities. Catalogue your main personal data processes, and for each one, capture:
  - The purpose and lawful basis
  - Categories of data subjects
  - Third-party disclosures of the data
  - International transfers and safeguards
  - Data retention durations
  - Security and access control methods
- Review your privacy notices. Ensure they have all the requisite information and that they are being served up to data subjects when you capture their data.
- And finally, update your subject access request processes to cater for any changes resulting from remote working.