The COVID-19 pandemic has caused a seismic shift towards digital interaction throughout our lives. Remote working became mainstream overnight across thousands of businesses, with virtual meetings and collaboration tools becoming necessities for work and keeping in contact with loved ones. Businesses (and their IT partners) have had to quickly and urgently adapt their business processes, in some cases changing their policy on remote working on-the-fly to keep their businesses functional.
In addition, businesses have faced a massive challenge of how to keep their businesses going during the pandemic? With many businesses drastically changing their operating model overnight, shifting online and virtualising their business, furloughing staff to keep costs down and streamline their cash flow.
In short, the COVID-19 outbreak has been the single biggest driver for digital transformation in living history.
This frenetic pace of change across every business has its challenges, especially when it comes to information security and compliance. Businesses are changing their processes on the fly, capturing new information whilst trying to keep their staff safe by ensuring they check-in with their employees for any cases of the virus amongst staff. Staff are working from home or using their personal devices or new and unfamiliar IT systems. All of this when a businesses focus is on staying alive, more than if they are compliant or secure.
The pressures put on businesses are well understood by regulators. The ICO has published its guidance regarding data protection during the outbreak stating that:
We must reflect these exceptional times. We will continue to recognise the continuing importance of privacy protections, and the value of transparency provided by freedom of information. These rights are a part of modern life we must not lose. But my office will continue to safeguard information rights in an empathetic and pragmatic way that reflects the impact of coronavirus.https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/04/how-we-will-regulate-during-coronavirus/
But with that said the ICO has made it clear that it still expects businesses/charities and volunteer groups to adhere to data protection law and consider the impact on privacy when changes are being made.
At the same time, scammers and cybercriminals are ramping up their campaigns using COVID-19 as a means to trick unwilling victims, which can seriously impact a business already under pressure especially if the criminals take advantage of changes made to business processes where security and data protection were not considered or controls are not yet in place.
Staying secure and compliant during the outbreak and into the future
We’re working to help ensure businesses are supported during this outbreak and into the future, whether it’s simple advice, training or consulting on helping businesses improve their security.
For now, here are 5 thing to consider now to help stay secure and compliant during the outbreak:
- Review your remote working policy and guidelines.
- Consider securing any new IT systems or services purchased after the outbreak began.
- Review your data privacy practises, especially if you are capturing health information about your employees.
- Now is the time to refresh your security awareness training to employees, especially with any changes made since the outbreak.
- Don’t be afraid to ask for help.
Over the coming weeks, we are going to be exploring the subjects above further and providing additional guidance and support to businesses affected. Be sure to stay tuned as we work to secure the new normal!