Digital Transformation in every field of our lives has led to the increased collection of our personal data on every device we touch from laptops to mobile phones, to tablets, leaving a digital trail. This data is then used for various purposes such as targeted advertising, research proposes or even corporate espionage. But boundaries need to be set to avoid corporate or other malicious parties taking advantage of this information or even corrupting it.
For this purpose, the Doctrine of information privacy was coined in the late twentieth century. These laws are set to protect citizens’ privacy and they govern which data is being shared and where it is stored or collected and imposes restrictions accordingly. All companies are supposed to follow these laws and state their policies to the user. However, many companies impose confusing navigation setups and difficult language to display their policies which can be regarded as a misinterpretation of their services.
The “General Data Protection Regulation” applies to companies or businesses that receive personal information. This law was introduced after it became known that Facebook had been tracking information of its users even when they are logged out; not only that but also of other internet users that do not have an account on Facebook at all. This raised concerns regarding privacy protection and the European Union introduced a new law called GDPR which introduced new policies combating Facebook’s collection of data. Thus, any website going against these laws will be given a penalty. Some of the new policies included are:
Unfortunately, for many, GDPR is considered a failure. Among many consumers, GDPR is best known as an annoying series of pop-up privacy notices. In parallel, the astronomical penalties have failed to materialize. In fact, GDPR has created new bureaucracies within many corporations, and with those, tension and confusion. And it’s unclear if the EU data authority which oversees the law is adequately equipped to handle its demands. As Politico has pointed out, it appears that not only has the GDPR made the big tech companies more dominant, it’s now laid out the rules of the road by which they can introduce even more privacy-destroying offerings. For example New forms of data collection, including Facebook’s reintroduction of its facial recognition technology in Europe and Google’s efforts to harvest information on third-party websites, have been given new leases on life under Europe’s GDPR.
According to 2019 report by Ogury LTD - A staggering eight percent of consumers globally feel they have a better understanding of how companies use their data since GDPR's introduction.
Due to COVID-19, the work environment has changed in a very short period of time with many companies having shifted to remote work policies during the pandemic while also attempting to stay as productive as possible. This rapid culture shift has created many potential security threats due to the fact that for the first time, employees are working in an environment that’s largely unsupervised and unprotected.
Working remotely means that there are a greater number of attack surfaces to be taken advantage of as employees are often forced to work on their own devices. This means introducing new operating systems and interfaces that require their own dedicated support. These devices, more often than not, are operating without any virus protection, without firewalls, without anything protecting logins, and without many other standard protection software. Some ways criminals have exploited these new remote workers are:
Such cyber-attacks can cause reputation damage but also real immediate monetary damage to businesses who's data has been corrupted or locked. As such, companies must focus on the complete supply chain and the cyber-security position of vendors in their particular data-chain. They need to make sure that the individuals they are subcontracting certain services to hold the highest of security standards during the pandemic and protect themselves from online threats.
Organizations need to redefine their security standards and remote access policies in order to keep company data secure. Additionally, they must train and educate their employees about the new threats, how to combat them, and when they should contact the IT department. Here are some examples of some prudent policies that should be put in place:
Covid-19 will hopefully eventually end, but remote working is here to stay. As such, its critical that organizations establish secure and well thought-out remote working infrastructures just as they would for their physical locations.
Direct access to our ideas and strategies. No Spam. Unsubscribe any time.