BSI marks Data Protection Day with advice for remote workers

As many employees continue to work independent of the office environment or in a hybrid office dynamic, the risk of data breaches continues to rise globally.

A recent reportˡ has highlighted a 19% increase in breach notifications per day in Europe in 2020 compared to 2019, and in Ireland in the last 12 months, 6,600 personal data breaches under the General Data Protection Regulation (GDPR) were notified. 

Data Protection Day is an international event aimed at raising awareness of privacy and data protection best practices. Given the volumes of data being processed and transferred through Ireland and the investment in technology and data centres, Ireland is currently third per capita in terms of breach notifications, demonstrating that data protection awareness is continuing to grow here.

RELATED: BSI forecasts 2021 cybersecurity trends

To coincide with this year’s Data Protection Day on 28 January, in its 40th year, the Consulting Services team at BSI outlines five data protection risks relating to remote working and how they can be reduced: 

1. Bring Your Own Device (BYOD): Employees own devices continue to be used for work purposes, and this has increased significantly due to the pandemic restrictions and working from home guidelines. It is vital that employees are aware of their organizations BYOD privacy policy and how to secure access to and store data
   
   
2. Privacy risks: Remote working has seen employees’ homes become extensions of their corporate offices. Employees’ privacy rights must be upheld, especially in the context of their own homes. Organizations are advised to consider the privacy and data protection rights of employees to ensure any mandate to install monitoring applications or surveillance software solutions are proportionate and balanced
   
   
3. Use of USB’s and printers: While the use of USB’s continues to reduce, there are still risks associated with them if left unattended at home. Employees should only use approved and encrypted devices and remove all company data from USB sticks no longer in use. Likewise, any work-related information printed via home devices should be held in a safe location or shredded and securely disposed if no longer required
   
   
4. Transfer of data: Any data that needs to be transferred should be encrypted and employees should only have access to the data required as part of their role. Employers are advised to set up virtual private networks (VPNs) to limit access if not done so already to keep data transfers secure
   
   
5. User authentication: Passwords to access organizational data should be updated on a regular basis to reduce the risk of unauthorized access. With many offices now operating entirely remotely, having practical supports for users to change, and reset their passwords is crucial. Layering additional controls such as multi-factor authentication is also essential

Conor Hogan, Global Practice Lead - Privacy - Cyber, Risk and Advisory at BSI said: “Data Protection Day is about raising awareness and implementing best practices for the protection of personal data.

"The pandemic has changed how we work, and employees have become more vulnerable outside the work environment, with many having to resort to use of their own devices to carry out their jobs.  We want to encourage organizations to take ownership of security and privacy obligations and support employees in implementing high levels of awareness around data protection when working from home.

RELATED: How to deal with escalating phishing threats

“Everyone needs to be assessing their data collection, use and retention practices regularly to ensure that standards and compliance are being met and risks are reduced.  Adopting a data protection compliance framework that is flexible for the hybrid office dynamic is advantageous along with focusing on continued employee training, controlled access, and encryption.

“Employers need to undertake robust data protection impact assessments (DPIAs) to ensure that data protection risks arising from the shift to remote working are identified and mitigated properly.

"Any decisions taken, such as BYOD reliance, use of remote working tools, or the remote monitoring of employees, needs to be balanced and limited only to what is necessary and proportionate. By developing and fostering a culture that respects privacy, organizations are enabling trust and strengthening their information resilience."

For more information visit bsigroup.com/cyber-ie