Data Protection and Security Threats Trends amidst the pandemic and WFH

The impact of the COVID-19 pandemic is already being felt in many ways. The world has been forced to adapt quickly, with a significant number of people now working remotely or at least partially so. This includes both employees who are currently not able to go into their offices as well as those that have had to do this for some time due to business closures. In addition, there is also an increasing number of companies moving towards remote working arrangements with employees requiring remote access to an organisation's network. This brings about new security risks that organisations have to be mindful of.

With the present situation, it seems likely that we will continue to see businesses having remote working arrangements going forward. However, organisations must remain vigilant about data protection and cyber threats, exercise good cyber hygiene and implement the right data protection practices.

Data protection/privacy overlaps with security 

In order to protect personal information, organisations need to ensure that all relevant policies and procedures are followed when handling sensitive customer data. For example, if your organisation is using cloud services then it is the organisation's responsibility to ensure that the accessibility and storage of the data is secure. If your organisation uses third-party software applications on your network then there is a need to check whether any vulnerabilities exist that could allow hackers to gain unauthorised access to the organisation's systems. The organisation can consider implementing additional security measures such as increased adoption of secure technologies, ensuring that employees have strong passwords, multi-factor authentication, encrypted storage solutions and so forth.

The diagram below illustrates the overlap between privacy and security where confidentiality, usage and access is the common factor between the two. From the privacy angle, we look at the collection, usage, disclosure and storage of data. On the other hand, the security perspective is focused more on intelligence and governs the area of unauthorised access to the organisation.

Amidst the pandemic and the remote working environment, we have observed and collated several data protection and security threats trends amidst the pandemic and remote working environment:

• Continued sophisticated cybersecurity threats and more data breaches involving intrusive mobile apps
• EU’s GDPR and ISO 27701 will be firmly established as standards used for operational compliance and data protection management
• The importance of certification will continue to gain momentum driven by local data protection/privacy authorities with growing public awareness of data protection/privacy
• 91% of cyber-attacks start with phishing attacks (Source: PhishMe's 2016 Phishing Susceptibility Report)
• 80% of data breaches in 2019 was caused by password compromise (Source: 2019 Verizon Data Breach Investigations Report (DBIR))
• 154% growth of ransomware incidents in 2020 in Singapore (Source: Cyber Security Agency of Singapore)

CUDS - Collection, Usage, Disclosure and Storage

To combat these issues, organisations should consider re-evaluating their risk areas to ensure that most if not all the organisational risks are documented appropriately and raised to management, particularly in this new, ever-changing digital environment brought about by the pandemic.

Organisations could start from the diagram below as a checklist of critical areas where risks arise. It is vital for the activities in the collection, usage, disclosure and storage to be correctly identified so the appropriate measures can be implemented to mitigate the risks.

From the information security perspective, controls are needed to be put in place to ensure that there is no unauthorised access to the data within the organisation. Examples of these controls include:

• Ensuring frequent password updates
• Two-factor authentication
• Robust internal IT infrastructure and network
• Remote monitoring tools to ensure that all company devices are updated and patched
• Constant educational updates on good cyber hygiene practices to all employees

Innovative data protection-as-a-service (DPaaS) platform

The DPOinBOX software is an example of a tool that allows a data protection officer (DPO) to identify the risks in an organisation ranging from compliance risks to inventory and even process or project risks. There are also modules within the software that takes the DPO through the process of managing a data protection management programme:

• Assessing and collating the different risks into a report after identification
• Ensure that there are data protection controls to mitigate the various risks
• Sustain the various initiatives through monitoring, auditing and communication
• Operationalising a response plan in cases of data breach incidents and requests

If you are interested to find out more about DPOinBOX, feel free to contact us via sales@straitsinteractive.com to speak to our team.

The content above was developed utilising material from our webinar held on 5 August 2021, if you would like some quick points of what our speakers have to say, click here to view our webinar summary.