In the wake of the corona pandemic, companies are detecting a significant increase in phishing attempts. Attackers even went so far as to use a forged COVID-19 map that looked like the official Johns Hopkins University one to spread malware, and more than 200 new strains of Emotet are discovered every day. This can become an acute threat for businesses when employees use their personal devices for work: IT admins have no visibility into, for example, endpoint security or patch levels, or the devices' operating systems may not be supported at all.
Executives have to be the judge of how thin a rope the company can walk; at the same time, they’ll want to nip accusations of negligence in the bud.
Any processes that would typically happen on-premises should be added to your record of processing activities, including all related systems (VPN systems, operating systems, communication and collaboration tools). Off-premises processes should also be flagged as high risk, as they are much more exposed than user activities within your own protected IT infrastructure.
Companies can rely on a powerful legal framework for such high-risk processes to evaluate the probability of data loss, manipulation and unauthorised access, and to implement appropriate measures in the three key areas of data protection and data security:
A swift implementation of mobile solutions was and is inevitable in order to ensure business continuity. As a consequence, many organisations have been making big strides towards digitalisation in recent weeks. And it’s quite clear that the new digital reality is not just a temporary solution. It is a new way of working that is here to stay. The way we’ve come to work also doubles as the perfect foundation for a gradual return to normality, and it’s high time to flesh it out with the necessary legal and technological safeguards for a time after.