Tips on Maintaining Your Company’s Data Security While WFH
As the Covid-19 outbreak spreads rapidly throughout the world, companies are flocking to apply their work from home (WFH) policies for their employees. WFH brings a new challenge for businesses in the midst of the pandemic, especially in regard to the company’s data security. What are the threats to data security and what are preventive measures that your company can take?
Integrity Indonesia’s Head of IT Michael Santoso said that all efforts taken to maintain data security should adhere to one or more of the following key concepts; confidentiality, integrity and availability.
“Confidentiality refers to the protection of data from unauthorized parties. Meanwhile integrity is about protection of the data from being altered by unauthorized parties. And availability means how to ensure the data is available for authorized parties to access,” he explained.
Phishing is a prevalent scam method that is a threat to the key concepts stated above. Phishing is a form of business theft of personal or company data, where a fraudster would ‘fish’ or deceive recipients into providing them data, including usernames, passwords, addresses, credit card data, PIN / OTP, and other personal information. Fraudsters can conduct phishing through fake emails, malware, and websites.
For example, an employee receives an email containing information on Covid-19 or information on health products that could be easily ordered at affordable prices. In the email there is a link to a page where the email recipient must enter their personal data. If the employee fills out the form, the data provided can be misused. Or the fraudsters could also send an email containing a link asking the employee to download a file that contains a malware. If the employee downloads the file, then the data in the device – including company data if any – is exposed to security risks such as data stealing.
Michael said that it is important for the company to educate employees about what phishing is, how it is done, and what must be done to avoid being a victim to phishing.
“In addition to education, employees are expected to be proactive in avoiding phishing. For example, don’t easily drop your email address in online forums. Also, don’t hesitate to ask the IT department if you receive an email that looks important, but suspicious at the same time,” he explained.
Data confidentiality is an issue that companies often deal with when it comes to working remotely.
“For example, some companies may allow their employees to use their personal laptops to connect to the company‘s servers. During the course of their work from home period, they may need to copy the data from the server to their local computer. However, they may forget later to delete the data from their personal laptops. This may lead to the company’s data to be exposed to risk.” said Michael.
In addition to signing a consent letter in order to prevent employees from copying data from the server, Michael also suggested that companies should equip their employees with company encrypted computers and should also try to minimize the chance for their employees to copy data while they’re working.
“At Integrity Indonesia we provide our employees with the company’s encrypted laptops and for our employment background screening activities, we use the Prisma Screening Application where all reports for clients are made in the application without the need to type in Word applications installed on local computers. That way the data is safer” he added.
Prisma is Integrity Indonesia’s screening platform that can be integrated with our client’s HR information systems, thereby minimizing the need to transmit information through emails.
The Covid-19 pandemic has urged companies to adjust their usual business practices and encourages WFH. Therefore, this change needs to be dealt with extreme care by companies, especially in regard to data security.