Across the globe, businesses and consumers alike are presented with challenges related to COVID-19. Both are facing challenges on how to operate. Our workspaces and landscapes are changing as many have found themselves in newly remote businesses. While individuals are making drastic adjustments in their home lives to accommodate these changes, organisations are having to make quick and drastic adjustments in their policies and practices to keep the newly established remote workforce not only functioning, but also secure and compliant. One of the biggest challenges we’ve seen businesses face is how to create a secure and compliant workforce outside of the business’ own physical workplaces.
The rapid increase in cybercrime adds fuel to the fire during this time. According to the United States Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), more and more malicious actors are exploiting the pandemic.
Ensuring compliance has never been more critical with the combination of increased cybercrime, remote working and the growing importance of data security. The first step in adhering to compliance standards is to start with the employee. Ensure that employees are educated around existing compliance protocol and are practicing secure behaviors online and over the phone. With the transition to remote working, it’s easy for protocol to subconsciously take the back seat as personal devices and now shared workspaces introduce more ways for data to be leaked. A few things to keep in mind for employees working from home:
- Change your passwords regularly and vary your passwords across different accounts. We all know it, yet according to research from PCI Pal, 47% of Americans are still using the same password across multiple sites and apps, leaving accounts extremely vulnerable to hackers and fraudsters. Knowing it doesn’t fix it. Now is the time to update those passwords and consider utilising a secure password management tool to improve account security for both personal and business accounts.
- Utilise two-factor authentication whenever possible. While most services offer some form of two-factor authentication, 23% of Americans are still not utilising these tools to protect themselves. Now is the time to begin taking advantage of these tools to provide an extra layer of security.
- Verify links and files prior to clicking or downloading. Even with fraud headlines hitting us daily, many of us are moving too quickly to take the time to verify the safety of the links or attachments we are accessing. Phishing attacks amount to the greatest cause of cyber compromise, with almost 30% of clicks on links of unknown origins. Avoid opening questionable links and attachments.
- Be wary of phone scams. Especially when utilising additional and personal devices, remote workers need to consider security over the phone. Phone scams have increased during coronavirus, with fraudsters posing as health officials and other services to steal our personal data. It’s okay to verify someone’s credentials. Another best practice is to contact the company directly through the phone number provided on the reputable company’s website, especially if they are asking for sensitive card data and other PII (personally identifiable information).
While organisations can begin by setting up secure practices and training for remote workers, it doesn’t stop there. A business requires systems, not just people, to be compliant with data privacy regulations. As with any human function, there is room for errors, and costly ones. With GDPR, and new regulations like the California Consumer Privacy Act popping up across the U.S., organisations can’t afford a data breach, especially during these uncertain times, which have already impacted so many businesses financially.
To ensure your business maintains compliance with privacy regulations in your region, start by adjusting any privacy practices as needed. A few steps for businesses to consider:
- The way your company collects and uses data should still be the same, but you may need to enact new security measures to ensure employees handle data securely at home.
- Any compliance officers in charge of meeting disclosure requirements will need to be able to securely access any consumer data from home – a process that will likely require additional security measures and tools.
- To ease any customer concerns and provide some much-needed certainty, let your customers know of any new security measures you put in place. Making customers aware of any changes will make them feel more confident doing business with you during this time and help build trust and loyalty.
- For any business handling consumers’ sensitive payment details, adopt a PCI compliance solution that works across multiple customer engagement channels. Complying with the PCI DSS, which is the highest standard of security for payments, can help to ensure compliance with additional data privacy regulations and protect your company and customers from data breaches – whether you’re taking payment details from the office or at home.
We are in difficult and unnavigated times, and a data breach won’t make things any easier. Employees and consumers alike are looking to businesses to prioritise security and compliance while ensuring that the tools are in place to work remotely and securely. We don’t have a blueprint to know what the workplace will look like in a month, or in 6 months, but taking these steps today towards improving your organisation’s security practices will ensure that your company and employees are prepared for all that the future holds. Allow the interactions to be about the customer and a positive journey. With the right solutions in place, your organisation can be a source of calm in the chaos.
*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Nicole Von Seggern. Read the original post at: https://www.pcipal.com/en/knowledge-centre/news/security-and-compliance-in-the-age-of-remote-working/