Here at CAT, we’re proud supporters of Privacy Awareness Week (PAW). This year’s theme of ‘rebooting your privacy’ landed at the right time and was a solid reminder that we, as businesses, should always remain on top of the key principles of good privacy practice.
Privacy and protecting personal information were the two major talking points of the week, with a particular focus on how these are impacted by the current situation and the uptick in remote workforces.
With PAW 2020 wrapped up for the year, we’re taking the opportunity to review the key learnings of the week and offer our recommendations for ensuring your information security risk is mitigated.
Key Learning: Update Your Privacy Controls For Remote Staff
The threat landscape is forever changing, so constantly reassessing your businesses privacy controls on a regular basis is critical — but this is especially pertinent during this period of increased remote work.
You should use this time to update your privacy policy so it works for your staff in a remote context and to ensure your business remains privacy compliant. There are a number of key privacy checkpoints that should be re-looked at during this period.
Collectively Enforce Mandatory Updates
Ensure that software and system updates are enforced and implemented on every endpoint. Your IT Manager or IT provider can ensure that patches and updates are automatically pushed out regularly, and at a time that won’t inconvenience your staff. More importantly, this will prevent staff being able to put off updates, which would expose your business to unnecessary risk.
Secure Home Internet Connections
When working from home, provide staff with clear guidelines on securing their home environment from digital risks such as changing the default username and password on their router and setting up guest networks for all IoT and visitors.
Avoid Common Vulnerabilities With a VPN
To further protect your corporate data, consider employing a Virtual Private Network (VPN). Simply put, a VPN creates a virtual tunnel between you and a remote server or host. Enterprise VPNs provide an end-to-end encrypted tunnel to hosted corporate systems, typically using a firewall client application. A commercial VPN operated by a VPN service provider ensures that all your internet traffic is privately routed through their network, so your data is secure from prying eyes. VPNs ensure that staff working remotely are accessing your systems and corporate data more securely.
READ MORE: Our whitepaper Working Securely When Working Remotely includes 10 top tips for a productive and secure remote workforce. Download it here for more information.
Key Learning: Make Protecting Personal Information a Key Priority
We’re constantly connected to the internet through so many different devices — phones, laptops, tablets, TVs, security systems and during this period of increased remote working, more information is being shared online than ever before.
To avoid a notifiable data breach, being scammed, or a victim of financial fraud or identity theft, protecting sensitive information must be a priority.
For your remote workforce, there are a number of personal information security methods that should be implemented to avoid data breaches.
Implement a Password Management System
Long and complex passwords or passphrases are required for good privacy hygiene, but many employees struggle to remember these and opt for simple, easy to remember options. It’s good practice to deploy a password management system for your business, to ensure all passwords are unique and encrypted. In a remote work setting, centralised password management systems prevent staff from writing passwords down, reusing passwords across multiple sites, or using passwords that are easy to guess or work out from their social media activity.
Enable Multi-Factor Authentication
Multi-factor authentication (MFA) is one of the most effective tools to prevent unauthorised access to your networks and systems. In a remote work environment, MFA is critical in mitigating information security risk. Ensure the MFA options you choose are suitable for the technical capabilities of your remote worker.
Encourage Employees to Avoid Social Logins Across Platforms
While it’s an easy option, using social logins to access and login to other products is fraught with data and privacy risk. Many people use this option because it’s easy and quick. Encourage your employees to use best practice privacy controls across their own personal accounts. Personal and work-related data can easily be exposed if a breach occurs due to this issue.
READ MORE: Need to know more? You can enhance your information security posture with our free to download whitepaper. With 10 top tips from our team of information security specialists, your remote workforce will be secure and productive.
Implementing privacy changes
It’s critical to have the buy-in of your staff in order for your updated privacy policies to work. Ensure you have operational practices and procedures that support your new privacy efforts. Sending them an email with an update on your policies isn’t enough – they’ll need to be onboarded to the new processes. Demonstrating real-life case studies of actual incidents, whilst arming them with preventative mechanisms, will enable them to feel more responsible for their actions when not in the office.
If you have questions about enhancing your company’s information security posture, our team is here to assist and support you. Contact us today.
