New workplace developments demand attention as data breach costs rise

2023-04-20

By Alvin Toh 


Just three months into 2023, two developments demand that data privacy professionals urgently review and update their data protection practices.

The first is the adoption of post-pandemic hybrid working arrangements by numerous organisations; the second is the phenomenal speed with which ChatGPT has taken the world by storm.

The advent of AI technologies creeping into the workplace is a double-edged sword. Many of these new applications are unique, come from small startups that may not have any privacy-centric objectives or practices, and are quickly becoming integrated into work processes.

This is where data protection and data governance officers may want to urgently declare what constitutes safe, responsible and ethical use of AI tools. On the other hand, established firms' AI augmentation of processes and applications can assist overworked and understaffed data protection functions in handling new risks and incidents more effectively.

A recent study has shown that remote working arrangements can lead to higher risks of data breaches, particularly when there are no supporting practices in place to ensure a secure distributed work and data processing environment.

Learn how good data governance can not only help you protect data in your organisation, but derive even greater value from it, by taking the modules of the Advanced Certificate in Data Governance Systems.

The Cost of a Data Breach Report by IBM in 2022 revealed that the global average total cost of a data breach had risen to a record US$4.35 million, with costs rising by nearly US$1 million when remote work was a factor in causing the breach. Additionally, organisations with a remote workforce took an average of 58 days longer to identify and contain a breach than office-based organisations.

Furthermore, employees who use their work devices for personal tasks can increase the risk of phishing attacks and malware infections. While some organisations have returned to full-time office work, others have embraced a fully remote arrangement, and some have implemented a hybrid model.

Regardless of the chosen arrangement, it is crucial for organisations to invest in modern cybersecurity measures, such as multi-factor authentication, regular software updates, and employee education, to ensure that their remote workforce is adequately protected.

Organisations must also establish policies around using personal devices for work purposes and implement technology to monitor and prevent the use of shadow IT. Remote workers should have access to encrypted communication and file-sharing tools, and regular backups of data should be made to prevent data loss in case of a breach.

In short, remote working comes with increased cybersecurity risks, but with the right measures in place, organisations can still reap the benefits it offers while keeping their data secure.

Take a hands-on approach to understanding information and cyber security from a management perspective, and learn how to create an Information Security Policy in our Information & Cyber Security for Managers, EXIN Certification course.


Employers weigh risks of remote or hybrid productivity

Privacy concerns in remote work environments

One concern is that employees may not have the luxury of a dedicated, undisturbed workspace in their own homes. This can lead to increased risks, such as data breaches when working from home or in a hybrid capacity. Personal devices and unsecured Wi-Fi networks can pose a threat to data security, making it essential for employees to become more data protection conscious. Organisations must address these challenges and raise awareness about the importance of data protection.

Implementing remote work policies and best practices

Sharing a workspace with family members can also lead to inadvertent exposure of personal or sensitive data, making it crucial for organisations to implement a remote working policy that outlines dos and don'ts for employees. Cybercriminals often exploit remote work situations to carry out phishing and social engineering attacks, so employees must be conscious of these threats and adopt safe practices when handling personal data, such as customer data, financial information, and intellectual property. This is to prevent unauthorised access and potential misuse.

Security measures and employee training

Data breaches have influenced decisions on whether to continue remote working, highlighting the need for strong security measures and better staff training. Organisations can implement measures such as providing secure devices, offering regular training on data protection and cybersecurity, and using virtual private networks (VPNs) and other security tools to protect data. Trends in cybersecurity and remote work environments include increased adoption of multi-factor authentication, zero trust architecture and AI-driven security solutions, as well as a growing focus on employee training and awareness programs.

Balancing privacy and productivity in remote work

As an employer, it is important to consider privacy concerns and productivity measurement as part of your data protection and privacy practices. This includes ensuring that staff surveillance is not excessive and implementing standard operating procedures to comply with applicable data protection and privacy laws. Additionally, taking staff out of a secure office environment can bring about additional risks to adhering to good data privacy practices.

Stout infosecurity is insufficient to safeguard data

Many people may think that having a good info security system would shield their organisation from the multiple risks to its assets and systems. But you can have security without privacy, for instance where CCTV is used. Conversely, you cannot have privacy without security: a security breach that results in a data breach can destroy privacy.

What this means is that you may have excellent info security, but you may not be compliant with data privacy laws, such as the personal data protection acts found in several ASEAN countries, China’s Personal Information Protection Law (PIPL) or the General Data Protection Regulation (GDPR) that is part of European Union law.

To learn more about various regional laws, including those of Indonesia, Thailand, Singapore, Philippines, Malaysia and China, consider taking the modules of our Advanced Certificate in Data Protection Principles.


How you can help your people protect personal data

When it comes to training, instead of focusing purely on teaching privacy law, focus on what your staff should do well to protect data while doing their jobs efficiently and effectively.

Technology that elevates human strengths

Human creativity and knowledge will always be imperative for defence. There are now AI technologies such as Microsoft Security Copilot that can augment your IT professionals’ expertise with speed and scale to handle the management of data breaches. More similar tools will soon be heading to the market for data protection officers.

Simplify the complex with new intelligent AI tools

As data breaches unfold, every minute counts. Put policies and codes of conduct in place that are up to date and that key stakeholders are accountable for responding to. Many organisations faced with a data incident are unable to activate the right resources and people in time to contain and assess the situation.

AI technologies like Security Copilot can help defenders respond to security incidents within minutes instead of hours or days. They assist by delivering critical step-by-step guidance and context, using easy-to-understand natural language investigation and reporting to accelerate investigation and response. The ability to speed up and customise reporting frees up IT and data protection teams to focus on more pressing work.

Catch what others miss

No time or resources to monitor every detail all the time? With intelligent tools that track and analyse data behaviours, your team can now discover malicious behaviour and threat signals that could otherwise go undetected. AI tools can surface priority threats in real time and anticipate a threat actor’s next move with continuous reasoning based on global threat intelligence. Such tools also complement the expertise of security analysts in areas such as threat-hunting, incident response and vulnerability management.

Address the knowledge and skills gap

A data protection team’s capacity will always be limited by the team’s size and the natural limits of human attention. Build up your data protection office team’s skills with the latest training, delivered in person, via e-learning or in a hybrid form (with both self-paced and live sessions) to cater to just-in-time training needs.



This article was originally published on 11 April 2023 in The Fast Mode.

Alvin Toh is the Chief Marketing Officer of Straits Interactive.

