Covid-19 Is Not Only A Threat To Your Health And Job, But Also To Data Security And Privacy

Covid-19 Is Not Only A Threat To Your Health And Job, But Also To Data Security And Privacy

The post-COVID-19 era is going to be full of challenges for individuals and organizations alike. Not just the health or job security issues, but increased data security and privacy challenges have now started to haunt organizations as cybersecurity risks can tarnish the reputation, drain the finances, and in an extreme case, businesses cease to exist!

The Covid-19 Pandemic has severely affected the global health scenario and led to many employees’ loss of jobs. However, these are not the only threats from the pandemic. Those who have managed to stay in their careers have been working from home. It has raised cybersecurity concerns regarding the confidentiality, integrity, and availability of critical data assets of organizations and the employees’ privacy. Data security involves protecting data against unauthorized access or modification, while data privacy relates to any rights you have to control your personally identifiable information (PII) and how an organization or individual can use it. Both data security and data privacy are related to each other. Organizations can use their limited cybersecurity budget effectively if they can implement common controls to protect both.

The Risk For Organizations

Even as per the statistics of the early months of the Pandemic, around 65% of organizations used remote work very frequently to accomplish most of their daily tasks.

Image source: Statista.com

The Work-from-Home (WFH) concept led to employees using their personal computers and phones to do their official work. The practice has raised organizations’ risk-level to a level higher than ever from threats such as ransomware. Even the best safeguards in place become useless when vulnerable personal equipment is included in the network. The network is only as secure as the weakest link in it.

Some organizations also increasingly adopt concepts such as ‘Bring Your Own Device’ (BYOD), which encourages personal devices even when not working from home. The main cybersecurity risks for an organization by the use of personal devices are summarised as:

  • Cyberattacks such as ransomware and phishing by accessing organizational information stored in personal devices compromising both data security and user privacy.
  • A chance of the personal device holding personal or official data getting misplaced, lost or sold, whereby critical information can reach the wrong people.
  • Data breach due to the use of removable storage devices such as memory sticks that can be lost or get into the wrong hands.

It raises some critical questions. Is the practice of using personal equipment for official work secure enough? Are organizations adequately prepared to face the consequences? Are their critical assets appropriately insured? Such questions prompt organizations to verify and re-assess their cybersecurity posture.

The Risk For Employees

Ideally, personal equipment must not be used for work. However, the pandemic situation made it a necessary evil. Nevertheless, most organizations ask the employees to have their cybersecurity solutions incorporated into their systems. With this step, the workers compromise their privacy as their employer could be monitoring all their activities besides work. And if the employers don’t ask them to install the security software, the personal devices can turn an enormous security risk.
.In a world of ever-changing and extremely complex data privacy regulations, such as the General Data Protection Regulation (GDPR), a compromise in enterprise security can lead to data privacy issues. That may not only cost you a job but also make you face legal and regulatory consequences.

Basic Cyber Hygiene: Precautions Against Data Breach

With an increase in the use of personal devices for remote work, the magnitude of the cyber risks increases too. The following are the cybersecurity best practices for anyone to follow to stay secure from threats to critical information assets and privacy while working from home.

  • Use software with the latest updates, impervious to attacks with appropriate patches and security measures.
  • Use stronger passwords by combining capitals, small letters, numerals, and special characters. Never use easily guessable passwords like whole words or birthdays.
  • Use multi-factor authentication (MFA) security on your mobile devices. It’s one of the robust cybersecurity measures.
  • Ensure Windows Defender is running, which adds another layer of security and costs nothing.
  • Change the Admin password on your broadband router and keep it somewhere safe.
Final Words

The Pandemic outbreak witnessed organizations calling out ‘Desperate times, desperate measures.’ Hence, they resorted to unsecured practices for fear of their businesses getting stalled. However, organizations must ensure that all safeguards possible within their budgetary constraints are implemented and monitored to protect the confidentiality, integrity, and availability of their valuable information assets. Training employees on basic cyber hygiene, identifying phishing emails, and dealing with a security incident can avoid the outbreak of enormous consequences due to data security and privacy issues.

References
Gov.uk, Coronavirus (COVID-19) – staying safe online, April 23, 2020

https://www.gov.uk/guidance/covid-19-staying-safe-online?

Rebecca Lake, Mobile And Online Banking Security During COVID-19: What You Need To Know, June 16, 2020, Forbes

https://www.forbes.com/sites/advisor/2020/06/16/mobile-and-onlinebanking-security-during-covid-19-what-you-need-to-know/#460976d1206c

Microsoft Security Team, 11 security tips to help stay safe in the COVID-19 era, June 09, 2020, Microsoft.com

https://www.microsoft.com/security/blog/2020/06/09/11-security-tips-staysafe-covid-19-era/