The corona pandemic has given SMEs in particular a boost in digitization. Collaboration tools have reached an unprecedented level of penetration. Home office is widely accepted by employers. For many companies and employees, everyday life in the company has improved and made it easier. Despite all the euphoria, one shouldn’t forget data protection and information security. The BSI (short for Federal Office for Information Security) also reminds of this in its “Report on the Situation of IT Security in Germany 2020” from October 20, 2020, in which it states that the attack surface and the associated cyber threat to criminals increased during the pandemic.
The introduction of new technologies is often rash and rash
The cause of the increase is mainly in the digitization of business processes and working from the home office. In addition, some companies have rushed to introduce new technologies, especially for collaboration tools, because overnight they were forced to send employees to the home office. For some, this may have happened because of an existential threat. However, it is now imperative to take the necessary security measures. The BSI reported that around 320,000 new malware programs are created every day. Neither universities, airports nor private individuals are spared from attacks by criminals. Companies are therefore well advised to critically examine their security and systematically close loopholes.
Backlog of technical and organizational measures
Bring-your-own-device (BYOD) was the only way for some companies to keep operations going and to ensure the safety of their employees at the beginning of the corona crisis. However, BYOD represents an enormous gateway for potential damage – it threatens data protection and information security in equal measure. Therefore, everyone who works from the home office should be equipped with business devices that are centrally managed by the company’s IT. The BSI also recommends that data exchange with the company should preferably be secured via VPN. However, the problem during the pandemic is that IT staff often work from home and are no longer constantly available and responsive. Companies should therefore ensure that their IT departments have adequate staffing and substitute arrangements.
Employees are often sent to the home office without further instructions
Furthermore, one should raise awareness of the human risk factor by means of appropriate instructions and training for data protection and information security in the home office through the most concrete and practical instructions possible. In many companies, there are no home office agreements or work instructions. Feel free to contact our team if you would like support in creating the relevant documents for the home office!
In addition, you can prevent widespread social engineering attacks if employees train regularly. In such attacks, one tries to mislead employees into making mistakes by pretending to be false facts, for example the requirement for an urgent transfer to an allegedly new account of an existing customer. We offer awareness campaigns and training courses on data protection and IT security in order to arm your employees against such attacks!
Advantages can quickly turn into their opposite
As pleasant as digitization can be for companies and employees. – The clear advantages of working from home during the corona pandemic could easily turn into the opposite if malicious software entered the company via the private laptop with the outdated virus scanner. According to the BSI, the malware Emotet is still widespread. Attackers encrypt or copy data and then blackmail the company with ransom demands.
Unintentional data leaks are increasing
In addition, an enormous amount of personal data is either stolen or unintentionally disclosed, in particular patient data on PACS servers (Picture Archiving and Communication Systems), but recordings from video cameras were also affected. Companies are therefore well advised to comprehensively check the software they use for IT security. Data streams should always be traceable, risks should be evaluated and assessed, data protection and information security officers should be consulted.
If you are not sure what to look out for when introducing new collaboration tools and whether your sensitive data is adequately protected – contact our team of data protection and IT security experts here!
Die Diplomjuristin Désirée Eder studierte Rechtswissenschaften an der Universität Passau und war mehrere Jahre in Berlin in einem landeseigenen Unternehmen für Immobilienprojekte als Projektmanagerin Recht und Datenschutzbeauftragte tätig. Désirée Eder bereichert das Team nicht nur mit ihrem juristischen Know-How sondern ist auch im Bereich der Organisation und Dokumentation, sowie im Rahmen der immer wichtiger werdenden DIN-ISO Normen und für Zertifizierungsprozesse erste Ansprechpartnerin. „Für das Wohl unserer Kunden sind mir offene Kommunikation sowie eine strukturierte, effiziente und gründliche Arbeitsweise wichtig.“
This post is also available in: German