As if living and working through a global pandemic weren’t bad enough, cybersecurity professionals are reporting an increase in hacking and scamming, as well. With so many people working from home—and worried about everything from their health to their financial situation—hackers are capitalizing on a perfect storm of anxiety and vulnerability. Not only are more people working on systems with less security, those people are also desperate to find an answer to whatever ails them. This sharing of information—personal and otherwise—makes data protection more important than ever.
Still, as companies are forced to send their employees home to work remotely in the name of public health, what can they do to keep their data safe? The following are a few tips.
Evaluate Your VPN
Just because you require employees to use a VPN to sign in and access company data does not mean your VPN is up to date and secure. Studies have found that many corporate VPNs have vulnerabilities that their IT teams do not take time to patch. Hackers will actively seek out vulnerable endpoints in this time of high opportunity. Take time to update and patch your systems now and ensure that you have structures and processes in place to update them regularly moving forward. And be sure you have enough security and bandwidth for the VPN to work properly.
In a recent episode of The Six Five podcast, Jen Felch from Dell Technologies shared that shoring up and expanding the VPN capabilities for the Dell global network of employees was one of the first priorities for her IT team. Several other major companies have mentioned the same thing.
Update Your Remote Work Policies
Your remote work policies are only as powerful as they are relevant. One recent report showed that nearly 25 percent of companies with remote work security policies had not updated them in more than a year. If that’s your company, now is the time.
Given the current situation, does every employee understand which security protocols to follow when accessing company data? Be sure to take into account the current work-from-home scenario when updating the policy.
Train Your Team
Employee training is essential in keeping your data safe. A recent study of IT decision-makers showed nearly 40 percent felt cybersecurity training was the pillar of their company’s cybersecurity program. This should not be surprising. In fact, human error is at the heart of all phishing scams, and your employees are more vulnerable now than ever. Especially if you are one of those companies that offers data security and phishing prevention training once a year on a pass/fail basis, it’s likely your employees do not keep data security top of mind. Take time to communicate with them daily on the protocols needed to keep data safe when working from home.
As with anything related to data and technology, your systems are only as strong as your weakest link. With employees working remotely, that means many of the issues surrounding data security will be out of your hands. After all, you can encourage your teammates to work on a secure WiFi network and not to save sensitive information on their desktop, but it’s almost impossible to prevent these things from happening when your employees are working off the radar. For this reason, be realistic about worst-case cybersecurity scenarios and, again, communicate the importance of home-based data security daily.
Data, especially that relating to COVID-19, is being classified as personal data and will be subject to strict compliance laws under the EU’s General Data Protection Regulation. Especially with the above issues in mind, before attempting to store this type of information at all, take a solid audit of the types of data you are storing and why. If it isn’t absolutely critical to your mission, remove it from your protocol.
Once you have the above data protection measures in place, then and only then should you communicate to your customers that you’re doing everything you can to keep their data safe. And, as always, you should be giving your customers an opportunity to opt out of data gathering whenever possible.
This is an unprecedented time when we’re going to see the blurring of lines when it comes to surveillance and public health. Right now, tech giants like Apple and Google are working on ways to use personal information like mobile location and tracing to help slow the spread of the coronavirus. Once this pandemic is over, we will likely explore more conversations about the ethics surrounding the use of this information in the name of public health. Until then, however, it is all of our jobs to limit the amount of personal and private data being made vulnerable in the name of everyday business.
Again, I want to reiterate that the easiest way to ensure data protection is not to collect it at all. So, if your company does not have a clear and necessary purpose for collecting any of the personal data you are now storing on your servers (and which your employees are now accessing via somewhat secure VPNs), I’d encourage you to consider whether you need to hold onto that data at all.
The original version of this article was first published on Forbes.