Skaitykite straipsnį iš naujojo Baltic Business Quarterly leidinio: 2021 pavasaris.
By BDO Latvia experts Lāsma Kramiņa and Stella Kaprāne
Secure networks
Employees should be wary of all requests for information and verify sources, including unexpected e-mails or peer calls, use secure networks to access the corporate network, work with dual authentication and protection systems, and educate employees about various cybersecurity measures to ensure that remote access systems are fully patched and securely configured, as well as review tactical responses and action plans in the event of a cyber attack.
Zero trust principle
According to the principle of zero trust, the identity and access system not only requests information from the user, but also checks the device through which access is requested, the network signal, the data to be accessed and whether the applications used are patched and updated.
Providing data backup
It is recommended to perform regular (preferably automatically stored) and adequately protected data backups so that data can be recovered if it is lost due to a cyber attack.
It is advisable to make sure that the work-from-home policy is clear and includes easy-to-follow actions that enable employees to make their work secure.
Ensuring data security in work-from-home conditions
The burdens created by Covid-19 do not allow for compromises on data security. On the contrary, operators are required to take extra care to avoid risks. When it comes to business data security, two groups of data need to be distinguished:
- Business-related data, such as a commercial (trade) secrets;
- Personal data.
According to the Trade Secrets Protection Law, a trade secret is non-disclosable economic information, technological knowledge and scientific or other information that contains three features:
- It is secret;
- It has actual or potential commercial value;
- The holder of the trade secret has taken appropriate and reasonable measures to preserve the trade secret in respect of the particular situation.
It should be noted that the legislator has specifically emphasized that these features must be fulfilled cumulatively in order for information to be classified as a trade secret. This means that any business has a responsibility to carry out a data security risk assessment in the context of Covid-19 and to adapt the company's security system and other safeguards accordingly to meet the challenges posed by the pandemic. If this is not done, it shall be deemed that the holder of the trade secret has not taken appropriate and reasonable measures for maintaining the secrecy of the trade secret. For example, vulnerable videoconferencing links or hacked videoconferencing passwords can be used to access a company's network, and the use of insecure networks and vulnerable computers can be costly for employees.
Covid-19 and work from home has significantly increased the level of risk, which forces employers to act accordingly. Now more than ever, it is more important to train employees on data security and implement appropriate technical solutions to prevent mistakes. In addition, identifying personal data leaks and reporting if an employee has used his or her private computer for work purposes can be a particular challenge. It is therefore necessary to consider a solution to limit the use of private technical tools for work purposes.
When employees leave their computer and other technical devices unattended for a short time and at home, it is recommended to block access to these devices, as well as to educate partners and family members about cybersecurity. Children, pets, partners and other people living in the same household may accidentally create increased risks and potential cybersecurity breaches. When working with a variety of applications and video platforms, it's a good idea to use passwords and authentication tools, and to save passwords using secure password management tools, rather than standard applications and computer password storage settings.
Use trusted cloud access security brokerage services
Take care of the security of data stored remotely on your network and servers with additional data security cloud brokerage services.
Develop a cybersecurity breach action plan
Develop a plan with possible courses of action in the event of a cyber attack or a potentially increased risk of cyber threats.
Take care of personal data protection
Observe personal data protection requirements and reporting obligations in the event of a data leak.
This article belongs to Baltic Business Quarterly Spring 2021.