Risk in the area of information security and data protection from Corona intensified

The cause of the increase is mainly in the digitization of business processes and working from the home office. In addition, some companies have rushed to introduce new technologies, especially for collaboration tools, because overnight they were forced to send employees to the home office. For some, this may have happened because of an existential threat. However, it is now imperative to take the necessary security measures. The BSI reported that around 320,000 new malware programs are created every day. Neither universities, airports nor private individuals are spared from attacks by criminals. Companies are therefore well advised to critically examine their security and systematically close loopholes.

Bring-your-own-device (BYOD) was the only way for some companies to keep operations going and to ensure the safety of their employees at the beginning of the corona crisis. However, BYOD represents an enormous gateway for potential damage – it threatens data protection and information security in equal measure. Therefore, everyone who works from the home office should be equipped with business devices that are centrally managed by the company’s IT. The BSI also recommends that data exchange with the company should preferably be secured via VPN. However, the problem during the pandemic is that IT staff often work from home and are no longer constantly available and responsive. Companies should therefore ensure that their IT departments have adequate staffing and substitute arrangements.

Furthermore, one should raise awareness of the human risk factor by means of appropriate instructions and training for data protection and information security in the home office through the most concrete and practical instructions possible. In many companies, there are no home office agreements or work instructions. Feel free to contact our team if you would like support in creating the relevant documents for the home office!

In addition, you can prevent widespread social engineering attacks if employees train regularly. In such attacks, one tries to mislead employees into making mistakes by pretending to be false facts, for example the requirement for an urgent transfer to an allegedly new account of an existing customer. We offer awareness campaigns and training courses on data protection and IT security in order to arm your employees against such attacks!

As pleasant as digitization can be for companies and employees. – The clear advantages of working from home during the corona pandemic could easily turn into the opposite if malicious software entered the company via the private laptop with the outdated virus scanner. According to the BSI, the malware Emotet is still widespread. Attackers encrypt or copy data and then blackmail the company with ransom demands.

In addition, an enormous amount of personal data is either stolen or unintentionally disclosed, in particular patient data on PACS servers (Picture Archiving and Communication Systems), but recordings from video cameras were also affected. Companies are therefore well advised to comprehensively check the software they use for IT security. Data streams should always be traceable, risks should be evaluated and assessed, data protection and information security officers should be consulted.

If you are not sure what to look out for when introducing new collaboration tools and whether your sensitive data is adequately protected – contact our team of data protection and IT security experts here!