The COVID-19 Pandemic forced businesses to ask their employees to work from home when lockdowns and social distancing norms were imposed worldwide. However, when it came to business data security, the year witnessed a surge in cybercrimes. Moreover, employees were not aware of the importance of VPNs and ways to protect critical business data shared during their work. This led to many business losses for some companies and a need to incorporate new laws and regulations for protecting business data while working from home in the Pandemic era.
Risks businesses have to face due to work-from-home environment.
Employees that access sensitive or confidential data on their devices gives rise to many problems:
- Personal computers are not governed by the company and lack the proper cybersecurity safeguards that the business needs
- The company might be restricted in access information about it in personal email accounts or other third-party platforms like Dropbox as the third party hosting the account might allow access only to the owner of the account, i.e., the employee.
- Employees that access sensitive or confidential information on their personal computers or devices might not be aware of the fact that specific actions like the opening of a data file might make a local copy of the data of the business on their devices
- Employees might not delete or erase information from the company securely from their personal computers correctly.
Imposition of State Laws for businesses
There are several state laws in the USA that require businesses to protect their customers’ information with reasonable levels of security in work from homeworld. For instance, New York recently passed the Stop Hacks and Improved Electronic Data Security Act (SHIELD Act). In addition, sections 899-AA and 899-BB under the New York General Business Law were amended to expand the extent of information subject to the data breach notification law (covering email addresses, biometric information, and usernames).
It also added the mandate that every business should develop, incorporate and maintain reasonable protection levels for safeguarding the confidentiality, integrity, and security of private information. This Act also updated the procedure for notification that organizations should follow in case-specific information about the state residents of New York gets compromised.
What does SHIELD cover?
Under this Act, if any business fails to take steps to protect the transfer of organizational data to any personal device, it will amount to failing to maintain and implement reasonable safeguards for data. In some other instances, the above transfer will also constitute a breach of data. For instance, New York has defined a breach of any security system as unauthorized access or the acquisition of computerized data that has compromised the integrity, confidentiality, and security of private information maintained by any business.
For example, when an employee of the organization resigns, he/she has no authorization to access the company’s data. However, the employee might still have possession of this data. Since the employee is not employed by the company anymore, their access to any information might constitute unauthorized access.
Some more cases of businesses facing problems with company data
There was an incident where a former employee working (FDIC) The Federal Deposit Insurance Corp left the organization with data of more than 44,000 customers of the FDOC stored on a personal storage device. While the FDIC maintained that the employees acted without any malicious intent, they reported this incident to Congress, citing a major security breach.
The positive side of this incident was this security breach left a negative impact on the agency’s reputation as three days later, when the breach was detected, the ex-employee returned this storage device and signed an affidavit stating that the data was not used in any way.
However, IT experts in cybersecurity state that the above incident is just an example of a best-case scenario. Now, in case any employee has been terminated, or their resignation is due to a disagreement with the organization, or if they are immoral or currently incurring any financial hardships, there is a high possibility that this employee will use the company data for their own needs.
For example, in API Americas Inc Versus Miller, an employee worked from home and sent many emails with details of the business information of the company from his official corporate account. This employee left the company suddenly to work for a direct competitor and used the information he has emailed later to win over the biggest client for his company.
Data security tips needed in the Pandemic era
Specialists from the esteemed name in data administration and management, Remote DBA says that businesses should incorporate the following tips when it comes to the protection of data-
- They should implement technical configurations that stop employees from freely transferring data while connecting through the company’s network.
- They should incorporate monitoring software for data leaks.
- They should give employees procedures when they return to the office in detail on how they must delete information that belongs to the company from their devices. They should also make employees certify that they are following the above procedures as stated and are aware of all the repercussions, both external and internal, in case they fail to abide by them
- Provide their employees with office/work laptops with safeguards already installed in them to match the company’s levels of cybersecurity infrastructure.
The pandemic has forced most businesses to switch their conventional office setups to novel work from home environments. As all the states in the nation are attempting to bring back their business operations to normal and get employees back to their regular office setting. Both companies and law firms dealing with businesses should be aware of all the risks that are posed due to their information being traversed from non-traditional platforms to personal storage devices of employees.
There are many aspects that you have to deal with while working from home. So it will help you if you have a robust system in place to deal with work-related issues.