If there is one thing we have learned over the course of this year is that change is inevitable. And as Charles Darwin stated, “it is not the strongest of the species that survives, nor the most intelligent; it is the one most adaptable to change.” Thus, to “survive” companies need to be ready to make some adjustments. But with sudden and drastic changes, companies need to face new problems that they are not aware or prepared for.
This year, nearly all firms were forced to send their employees to work from home, which means that many of us had to replace our beautiful offices for our living room or the "glamorous" and “comfortable” dining room table at home (which by the way, I personally blame for my back pain).
Working from home has resulted in giving up the secure corporate infrastructure that safeguards all company data. Thus, it is very easy for companies to lose control over confidential information, which can cause serious and costly legal problems. So the question arises, which measures can you as CEO take to protect your organisation from data breaches?
You simply follow our five recommendations to prevent data breaches caused by your remote workers.
1. Holistic risk assessment: The first step is to block half a day in your calendar to conduct a holistic risk assessment to identify the data structure. You need to understand which employees have access to what kind of information and how they handle sensitive information. Once you know what type of information you need to protect and who has access, you establish a security protocol based on applicable legislation (e.g. GDPR or the revised FADP).
2. Data restrictions: Next, you need to restrict the number of people who have access to sensitive information to the minimum possible: for that you simply ask the question, “Which of my remote workers need access to confidential information in order to fulfil their job?” By limiting the number of people with access, you have more control and if a data leak occurs, it will be easier to detect and respond.
3. Employment contract adjustment: All employees that you grant access to sensitive information must have strong and enforceable confidentiality clauses or non-disclosure agreements in their contracts. If the existing contracts do not fulfil this norm, it is time to sign a non-disclosure agreement that includes a conventional penalty in case of infringement. This will not only serve to remind your employees about the importance of being careful and protecting such information (no matter where they are), but also shield your company and prevent information leaks due to carelessness.
4. Protocol & Training: Then education is your most powerful weapon in preventing and fixing a data breach. The drafted security protocol must include how to handle sensitive information and how to act in the event of a data breach. Focus especially on including a mandatory provision to immediately notify the superior in case of a breach. Everyone in the company must know this protocol. Reacting fast and informing the competent authorities will allow you to regain control of the situation and mitigate the damages caused.
5. Data protection soft- and hardware: In addition to mitigating the risk of a human error, you also need to take measures to protect your work equipment from cyber-attacks, which have increased dramatically over the last months. For that, you need to provide your remote workers with secure devices and the right tools to secure their home networks. Furthermore, you need to make sure that the installed firmware is up to date, a high-grade encryption for sensitive data is in place, antivirus protection is installed and a VPN services are used. If you do not know how to do this contacta cyber-security expert.
At Venturebruck, we may not be experts in technology, but we are in legal matters. Thus, if you want more information about your dataprotection obligations or if you want to know how to draft your confidentiality agreements, contact us! We will gladly help you protect your company'sinformation with the right legal documentation.
Your Venturebruck Team!