Ruby Gichuri,
Data Protection Business Development Executive, South-End Tech Limited
Monday 15th May 2023
The paradigm shift toward remote working began when the COVID-19 pandemic broke out. However, many businesses opted to continue operating using a distributed workforce. Though remote work has a lot of advantages, it also raises concerns about data protection and privacy.
Remote working requires implementing new security standards different from those used when all employees are in one centralized location. The new requirements are mandatory for those organizations that need to maintain data privacy & security according to relevant data protection laws and regulations.
Managing a remote team while ensuring the integrity and confidentiality of your client’s data may seem like a daunting task, but here are some tips to get you started:
- Draft/Update your cybersecurity policy
Employees may not be aware of data security issues and how a simple mistake can open up a vulnerability and lead to a data breach of personally identifiable information, which the law mandates data processors and data controllers to protect.
A cybersecurity policy that provides guidelines to your employees on keeping your business’s data safe is a fundamental tool in data protection. Your cybersecurity policy should not be a complicated document. It should simply explain how you process data from the onset of collecting, storing, and deleting personal data. It should also lay out a step-by-step guide of the security protocols the employees should follow; in case a data breach occurs, such as the NIST cybersecurity framework, which provides you with a set of best-practice guidelines for all stages of threat identification and mitigation.
- Train your staff
Most times, data breaches occur due to human error. As much the employees may find the training boring, they are effective!
Implementing your cybersecurity policy goes beyond the drafting and signing of the document. Your employees need to understand how it applies to their day-to-day work. Expecting them to read it and immediately grasp the new cybersecurity policies and tools while working from home may not be effective. The team in charge of your cybersecurity and the Data Protection Officer (DPO) should arrange company-wide training sessions on the new policy. It is also advisable to have assessments to ensure your staff has understood the policy and re-fresher training to remind them of the fundamentals and up-skill them if need be.
- Control access
Revisit your company information security policy on access control to ensure you know who in your company has access to sensitive data. Employees should have limited access to the data they need to complete their daily tasks. Limiting data access for each individual can mitigate the damage one employee’s security lapse can cause.
- Secure connections
Public Wi-Fi without a Virtual Private Network (VPN) is unwise if your work deal with sensitive data. Public Wi-Fi is susceptible to intrusion fraudsters and monitoring.
Your company should also use a corporate virtual private network (VPN) to limit access to your sensitive data. With a virtual private network (VPN), your employees can access your company’s network safely and securely because your corporate VPN will encrypt their connection to your servers. A virtual private network (VPN) protects the personal data you are responsible for in transit due to the encrypted tunnel of the business VPN. Additionally, it will stop attackers from getting to your servers.
- Encryption
Encryption scrambles data so that only authorized parties can understand the information. Encryption converts human-readable plaintext to incomprehensible text, also known as ciphertext. Encryption requires the use of a cryptographic key. Unlike working remotely, working from an office where your cybersecurity team can manage server security and monitor your network is effective in keeping sensitive personal data through encryption.
Hard drives on all the devices your employees use require encryption. There is also third-party hard drive encryption software, such as VeraCrypt, that will work on a wide variety of devices.
Encryption is an important technical safeguard when it comes to cases of loss/theft of work devices. It ensures that outsiders will not be able to access the information on the hard drive, as much as they have the device.
Companies must also ensure that their policies and procedures are in line with applicable laws and regulations.
By following these measures, businesses and employees can enjoy the benefits of working from home.
Contact: Mr. Derrick at +254115867309 or Ms. Cindy at +254728223333, or Ruby at +254721973883
Website: www.southendtech.co.ke
