Remote working and data breaches: How businesses can stay protected
By Michael Borromeo
By Michael Borromeo
The COVID-19 pandemic has ushered in a new era of information security threats. While much attention has been paid to age-old scammers taking advantage of global anxieties to target people in their most vulnerable moments, the millions of Canadians forced to work remotely has made the home office a new focus for fraudsters.
The increased risks that come with remote working
Why are our home offices now a target? Largely because the technology to work remotely is in place while the commitment to data security isn’t. According to a 2019 report from the Canadian Radio-television and Telecommunications Commission, 89% of Canadian households subscribed to Internet service and nearly all (99.0%) subscribed to either mobile or landline service, showcasing the accessibility of remote working. However, Shred-it’s 2019 Data Protection Report shows that many businesses don’t have plans for properly storing and disposing information when workers are offsite. With so many people working remotely because of the COVID-19 pandemic, typical cybersecurity and data protection risks are being amplified and leading to higher chances of a data breach.
The report reveals that more than 52% of C-suites and 40% of small business owners say that employee negligence or accidental loss is the root cause of data security breaches. Transferring files between work and personal computers, leaving confidential documents unattended, or relying on personal email accounts can all make you more susceptible to fraudsters stealing information. Being at home can also mean a higher risk through the use of unsecure Wi-Fi connections and mobile apps, negligent care of documents, visual theft, and improper disposal of confidential information as compared to being in the office.
Lastly, many people often throw out old devices once they’ve upgraded to newer models. Despite being unusable to most, fraudsters with the right technical knowledge can still easily retrieve the confidential data contained on many of these old devices.
What can businesses do to prevent or mitigate these risks?
Cyber criminals are constantly devising new ways to steal and access sensitive data, so organizations need to continue to improve how they protect themselves against these threats. Businesses who establish routine processes and implement security best practices can help to lower their chances of a data breach significantly. This begins with creating security awareness and compliance programs which continually reinforce safe behaviour both online and at home, such as how to spot and avoid potentially malicious emails, as well as never leaving their work devices and documents unattended.
According to Shred-it’s 2019 Data Protection Report, 73% of C-suites indicated they were very aware of how to properly dispose of electronic devices such as hard drives and USBs, but only 53% felt their employees were doing so. It’s therefore no surprise the same report revealed that human error is the number one cause for data breaches. Therefore, instilling these best practices creates a solid foundation for data security that can help to lower your organization’s risk susceptibility.
In addition to educating the workforce, business leaders can help to mitigate risk by establishing and enforcing policies and processes that follow cybersecurity best practices. Requiring the use of encryption when storing or transmitting sensitive data, providing VPN access to networks, and periodically reviewing user access to applications are key steps to improving an organization’s security posture.
Cyber insurance is an additional step to consider when looking into a well-rounded security system. In the event your company does suffer a data breach, cyber insurance protects digital records like physical documents by helping to recoup costs incurred as a result of the breach.
At the individual level, the best way to prevent fraud is by prioritizing data protection and making it a part of your daily routine. It’s easy to let data protection best practices fall to the wayside, especially when everyone is feeling overwhelmed, but this can make your business more susceptible to scams and data breaches. By keeping the protection of data top of mind as you go about your daily routine, working securely from home during the COVID-19 pandemic will become as natural as putting on your seatbelt when getting in a car. When in doubt, seeking out professional help can help you manage information security risks with little effort as well.
Michael Borromeo is vice-president of data protection at Stericycle, the provider of Shred-it information security solutions.