May 19, 2020
With the recent “circuit-breaker” measures in place to slow the pandemic spread in Singapore, many Singaporeans are now working from home. Away from a trusted office environment, working remotely from home presents additional security risks. In light of these constant threats, we have come up with some quick and affordable tips to bolster your data security.
Companies should continue to educate and remind employees about appropriate handling and protection of sensitive data, even when out of the workplace. Additionally, the company is required to appoint a data protection officer (DPO) who can oversee the organisation’s data responsibilities and ensure compliance with the PDPA.
However, data protection is not just the responsibility of the DPO alone. Every employee should understand the rationale behind the measures, and the role they play in keeping data secure.
Media outlets such as Straits Times have recently reported on scams targeting Singaporeans, such as bogus technical support staff and scams taking advantage of the ongoing COVID-19 situation to extort money and other financial details from unsuspecting victims.
Businesses can mitigate this risk by updating staff up-to-date on the latest happenings, such as by issuing company advisories to guide them on what these calls entail and what to do if they receive such a call.
To decrease the security vulnerability of corporate networks, companies should ensure that all electronic data on company hardware is encrypted so as to prevent unauthorised access to any sensitive information1 in the event that the media is lost. The management and protection of the encryption keys are also essential to keep the data secure. There should also be a periodic review of the encryption method to ensure that the industry recognises it as relevant and secure.
According to an OpenVPN2 survey, 25% of employees admit that they use the same password for every enterprise system they regularly access. Because of the tendency of people recycling passwords, hackers often took advantage by using a password they tricked to access other accounts by the same user.
Employees should change their passwords regularly and have different strong passwords for different platforms they use. In addition, companies can mandate the usage of two-factor authentication, which provides an added layer of security in case a login password is guessed or breached.
Leaving sensitive documents unattended or tearing such documents up before dropping them into the waste bin poses a major security risk. The personal data can still be recovered as these pieces can be reassembled easily.
Personal data on the physical medium must be “destroyed” in a way that makes it unreadable or irretrievable. Companies should introduce a Shred-it All Policy to prevent confidential documents to lower the risks of unauthorised access, including engaging trusted data disposal services such as Shred-it.
Data protection is something that should be taken seriously by not just an organisation’s DPO, but by every member of the organisation. Taking a proactive approach is the right way to mitigate the risk of a costly data breach, as it can happen to anyone, any time. Find out more about how Shred-it can assist your corporation in securing your documents and hard-drives by contacting us for a quote.
Disclaimer
This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.
1Personal Data Protection Commission (2017). Guide to securing personal data in electronic medium [PDF file]. Retrieved April 8, 2020, from https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Other-Guides/guidetosecuringpersonaldatainelectronicmedium0903178d4749c8844062038829ff0000d98b0f.pdf
2Madsen, N. (2019, January 31). Employee Behaviors Have a Direct Impact on Corporate Cybersecurity. Retrieved April 8, 2020, from https://www.privatetunnel.com/news/employee-passwords-cybersecurity-study/