Data Privacy Day is Jan. 28, just like it does every year. But as with everything else, COVID-19 has forced us to reconsider a new normal for enforcing data privacy in the work-from-home (WFH) environment. Sponsored by the National Cyber Security Alliance (NCSA), Data Privacy Day is designed to “inspire dialogue and empower individuals and companies to take action” on the way personal information is collected, stored and used.
Data privacy is a global effort. We’ve seen that with laws such as GDPR in the European Union and how wide-reaching that compliance is. But we also know that COVID-19 has reshuffled the protocols and procedures for cybersecurity and data privacy, making compliance more difficult to manage. In November, the United Nations put out a statement that noted data privacy must remain a top priority in the efforts to fight the pandemic, and even for health purposes, data collection and data harvesting must be done in a manner that will protect PII for all citizens.
You can’t protect what you aren’t prepared for, however. When organizations went to WFH last spring, there was an expectation that we would see a lot of new schemes designed to access consumer data, but that’s not quite what happened.
“While we really haven’t seen new scams crop up as a result of the growing number of remote workers, what we have seen is the proliferation of the existing scams,” said Kelvin Coleman, executive director of NCSA,in an email conversation.
For example, he stated, phishing schemes have gotten particularly nefarious as bad actors have begun to pose as researchers or other legitimate organizations to push false research and other initiatives as a way to lure people into handing over sensitive information or money.
Cybersecurity threats to connected devices have also taken on a larger role as bad actors attempt to gain access to sensitive business information through these devices.
This is why it is so important for users working remotely to be as keen-eyed as possible and to employ cybersecurity best practices such as regularly updating software and connecting to protected Wi-Fi networks only, Coleman said. When you anticipate what the bad guys are doing and how they are trying to infiltrate your network, you can get the workforce on board with improved data protection practices.
Reinforcing Data Privacy Regulations at Home
The theme for 2021’s Data Privacy Day is twofold. For individuals, the push is to “Own Your Privacy,” with an emphasis on how to protect their personal information. Businesses are encouraged to “Respect Privacy” by being responsible for consumer data and safeguarding it from unauthorized access. For those employees who continue to work remotely or are working in a hybrid environment, there is a lot of intermingling between personal and organizational behaviors, especially when using personal devices or sharing devices with other family members. So approaches to how to enforce data privacy need to be tweaked.
“In terms of best practices,” said Coleman, “businesses need to embrace comprehensive plans that wrap in not just effective security policies, but also training road maps for their IT teams and embrace ongoing cybersecurity education into their workplace culture.”
IT teams should be vigilant about making sure their legacy hardware and software is as up to date as possible and that employees are always kept abreast of any particular threats and how to avoid them. “This will allow IT teams to not only make sure their internal cybersecurity protocols are being adhered to as well as possible but that their organizations are meeting any mandated regulatory frameworks as well,” he added.
Why You Need to Keep up With Data Privacy Protections
GDPR and California’s Consumer Privacy Act seem to get most of the attention when we talk about data privacy these days, but every industry has had data privacy regulations it has to follow. And that compliance doesn’t disappear just because everyone is working offsite.
However, when everyone was onsite, someone was right there directing any issues surrounding data privacy. If an employee didn’t know the answer, there was someone readily available to answer the question. (Those people are still available, but getting the answer may not be as simple.) So there is a lot more confusion about what is a violation of compliant behavior that puts the company at risk.
While staying compliant and keeping data secure may seem like a daunting task, remaining protected starts with something as simple as each employee conducting an audit of their own personal security hygiene and making adjustments. Modifying passwords to make them stronger or having security software on all devices could add huge benefits to bolstering both personal and business data privacy efforts. Also, Coleman recommended, employees should be encouraged to check their privacy settings on their devices and applications on a regular basis.
Employees have a greater responsibility for data privacy in a WFH environment. With Data Privacy Day on the horizon, this is a good time to reinforce best practices and why we need them.