Summary
As the Covid-19 Pandemic forces more employees than ever before to work from home (“WFH”), businesses face new and different data privacy and security risks. This change is not lost on U.S. regulators, but it does not mean that businesses will get a pass on data privacy and security issues potentially caused by the shift in working conditions. In an effort to help businesses navigate these new circumstances, BCLP has prepared a series of articles on addressing data privacy and security issues in a WFH environment.
If your business regularly handles sensitive electronic data in the office1, chances are that your employees working from home now have to continue handling sensitive data outside the safety of your office network. This poses many challenges but, with some forethought, many businesses will likely find that they can continue most operations without sacrificing security.
- Encryption in transit. At a minimum, your team should avoid sending sensitive information via email. Email traffic can be intercepted in transit. Additionally, cloud-based email services like Gmail or Outlook365 are frequent targets of credential stealing attacks..
- Secure File Transfers. Since you are minimizing the transmission of sensitive information over email, you should discuss with your IT team what tool your company should use for secure file sharing. Things to look for: robust privacy and security representations in the contract for the product, easy setup and simple training (a difficult app will not be used), and a simple mechanism for removing information from the app once it is no longer needed.
- Encryption at rest. Ideally, all devices that handle sensitive information for your business will be fully encrypted. Realistically, many businesses end up able to encrypt only a segment of their systems because of resource constraints (both money and IT time). Prioritize encrypting those systems that handle large amounts of sensitive data, g., human resources, financial/accounting systems, payment processing systems.
- Version control. Some sensitive electronic documents may need to be worked on by a team of individuals. In those cases, you will want to ensure that an appropriate version control system is in place or a procedure has been agreed on to avoid employees duplicating work or ending up with disparate versions of a critical document.
- Minimizing data handling. Keep in mind that it may be a good idea to cut down on handling sensitive data for a period of time. Some tasks that require working with large quantities of sensitive data may be best delayed until the employee is able to access a secure area in the future.
- Secure destruction. Check out our article on securely destroying both physical and digital files for tips on how best to tackle the end-of-life cycle for sensitive data.
This article is part of a multi-part series published by BCLP to help companies understand and cope with data security and privacy issues impacted by the Covid-19 Pandemic.
1. Check out our article on handling sensitive hardcopy data as well:
[View source.]
