Published on Friday, April 3, 2020 - 13:51 by Cameron Troake
COVID-19 Cyber Risk and Data Privacy Response Service with IT Governance & GRCI Law
The shift to home working introduces many considerations for GDPR compliance. As businesses adjust their day-to-day operations, there is an increased risk of data breaches and other GDPR contraventions.
The pandemic also presents significant cyber security challenges, with cyber criminals taking advantage of workplace disruption to exploit vulnerabilities and compromise systems.
Strengthen your COVID-19 response
We have teamed up with our sister companies IT Governance and GRCI Law to offer a unique support service which draws on the strength of the three specialist consultancy teams in the GRC International group. With this service, we can help you:
Our sister company IT Governance also has everything you need to help you manage your business through the outbreak, including affordable training, tools, tests and guidance.
Looking for something else?
If you have recently changed your processes to support an increased number of home workers, we can help you make sure your new processes are as safe as your usual ones. We work with organisations of all sizes to help them build effective processes that mitigate risks and stay compliant with the regulations.
If any of the situations and challenges below apply to your organisation, please do get in touch. We can provide a range of bespoke solutions that align with your specific business needs.
It is absolutely vital that if your employees can work from home right now and they should do so for as long as we are advised - but did your organisation have the time to properly assess its risks before it implemented its working from home practices?
Your organisation may have had to select and roll out software quickly, and it may also be outside your normal policies on remote working and use of personal devices. Now the immediate need to change is over, it’s time to update your policies to fit this new world and get your organisation back inside its risk comfort zone.
People working remotely will often find themselves suddenly having far fewer interactions with line managers and the expert support teams they usually have access to – such as IT and security staff. They may also find themselves doing things that would normally be done for them, such as installing software, changing WiFi settings or changing processes.
Protecting your employees and customers from one threat does not mean you should expose them to another. As has been widely publicised, scammers in particular are looking to take advantage of this period of fear and uncertainty, and companies that are a little more vulnerable than usual will be a key target.
Understand your risk profile and take action
Do your policies need updating as a result of this sudden change in working environment? Are your processes and practices robust enough? Does every employee understand how to protect themselves against the increased risks that remote working can bring?
Our consultants can help your company understand its current risk profile and prioritise the actions that need to be undertaken to best protect your employees and customers as quickly as possible. We can help assess your remote working practices and outline the straightforward actions that will make the biggest difference.
We can help you review and update your policies and documentation, to help you reduce the real risk of data problems such as a privacy breach or process failure.
More employees working from home means people will potentially be accessing and processing information outside of your organisation’s normal physical security perimeter. They may be doing this via a shared home network which may not be as strongly defended as your organisation’s – especially if a household has vulnerable IoT devices connected that could become a target for hackers.
There is also a risk that information could accidently or intentionally be misused whilst your employees work from home and outside of the organisation’s line of sight. You will need a variety of Data Loss Prevention (DLP) techniques in place, so you can quickly identify when a data leak occurs and act immediately - cutting down on the time the breach is undetected and the situation aggravates.
Monitor your data
TechRadar Pro has listed our data monitoring platform BreachTrak™ as one of the best products to help businesses navigate the ongoing pandemic, alongside services from organisations including Google, Microsoft and Apple.
BreachTrak(tm) is an easy-to-use tool that lets you monitor exactly how your data is being used, and we're offering all organisations a free three month subscription so you can check your new processes are working, and monitor for any data leaks or misuse during this period where the risk of a data breach is higher.
We'll give you secret ‘Trakkers’ that look just like real contacts which we monitor, so we can tell you exactly what emails, phone calls and post go out to your contacts. We even check the Dark Web in case your data has been stolen. All this is then reported back to you in a straightforward dashboard so you can see exactly what happens to your data.
Breachtrak ™ lets you keep an eye on your data even when it moves beyond your direct control. Whenever you send it to third-party, our secret Trakkers let you check exactly how it is used – so you know immediately if there is problem.
Not only do we tell you how your data is used, we also check for ‘red flags’ and if we find one, we alert you immediately by sending a notification straight to your inbox
The coronavirus lockdown means that many organisations are now relying more on their websites to find and serve customers than ever before. Online tools give organisations the potential to collect contact details, provide targeted marketing and learn more about how people use their websites and shop online.
However, GDPR rules mean it is essential to make sure that you implement those tools correctly or all those benefits may be lost. If your cookie banner does not work correctly, you may not be able to keep and use the data you collect – or you may not be able to collect it in the first place.
Ensure your website and cookie practices are compliant
Our consultants – many of whom come from a digital marketing background – can review your current online tools and help you make sure they work for your organisation. We can help you protect your online business by making sure that what you do complies with the law and – just as importantly – achieves your business objectives.
If you are interested in any of our services then please either use the contact form or contact us via of the methods below: