Data Protection Best Practices When Adopting New Technology For The Workplace

Hand holding a phone displaying a message stating “VPN protected”.

The Covid-19 pandemic has changed the business landscape. As offices closed doors and employees started working from home, businesses underwent a digital transformation rapidly. With the rapid adoption of new technologies, business owners need to increase their data protection practices to avoid data breaches and other cybersecurity attacks.

According to a recent McKinsey Global Survey of executives, many companies have accelerated their operations' digitization by three to four years. Unfortunately, most businesses are new to digital transformation in the workplace. According to another survey, 56% of business owners discovered gaps in their digital capabilities that impacted their plans to transform. Moreover, with the rise of cloud-based services, there is an increased risk of cybersecurity breaches. As more and more companies are reimagining their workplaces, it has become crucial to implement effective data protection practices.

Whether you own a small business or run a big company, ask yourself:

How can I keep data safe when adopting new technologies for my workplace?

In short, do the following:

  • Be vigilant in selecting technology.
  • Be transparent regarding data usage with employees.
  • Teach good cyber hygiene
  • Have a business continuity plan

Before I discuss these actionable measures for data protection in detail, let’s dig a little deeper into the problem.

Rapid transformation brings higher security risks

The advent of remote working came with an excellent opportunity to embed more technology into the workplace to improve employee productivity. While this digital transformation enabled businesses to stay operational, the rapid transition to digital solutions increased the risks of protecting sensitive data.

For every technology added to a business’s network, an opportunity emerges to compromise:

  • Accessibility and availability of data
  • Confidentiality of the data
  • The resiliency of the network

Unfortunately, the novel coronavirus has brought cyber thieves out of their cocoons. We witnessed a 350% rise in phishing emails and websites. Not just that, about 6 in 10 organizations faced a significant risk of cybercrime in the past year. These figures mean your company’s and workers’ data is at a higher risk of being stolen.

Such privacy pitfalls can ruin your entire business. With the average cost of cybercrime at $13 million, it is imperative to take the right precautions. Here are some recommendations:

Be Vigilant When Choosing Workplace Technology

From health information to financial information, businesses have a lot of sensitive data traveling on their networks. One of the biggest challenges with protecting data across the network is to avoid any possible breaches through their technology suppliers’ networks. In a Gartner, Inc. survey, 52% of legal and compliance leaders showed concerns that cybersecurity breaches are among the most critical third-party risks their organizations face.

Yet, many businesses may overlook the due diligence of technology providers when pressed for time. For instance, a company could skim over Data Processing Agreements (DPA), which could provide insight into potential risk areas with a provider.

DPA agreements grew in use due to GDPR (General Data Protection Regulation) in the European Union. A DPA is a legally binding contract that clarifies the parties’ rights and obligations involved in sharing and transferring information. Specifically, a DPA can indicate how the provider handles data and whether the provider is privacy compliant. These agreements could be a convenient tool to assess risk. You can learn more about what to look for in a DPA here.

Another approach to being vigilant with technology providers is to request they anonymize, if possible, the data utilized with their service. For example, if you need to maintain the number of people within an area, then do so without using those individuals’ names in an area.

Be Transparent With Employees on the Usage of Data

With the digital transformation of workplaces, many employees risk exposing personal data unintentionally to their employer’s network.

According to a Pew Researcher Center study, about half of Americans feel that employee privacy is not as secure as it should be. To counter these privacy concerns, companies should have privacy policies that clearly state what data is private and the methods taken to maintain privacy.

However, data protection is a two-way street. Employees need to do their part to protect sensitive data. Shreddit’s Information Security Study found that 69% of breaches involved accidental misuse of data by employees.

An informed employee base reduces the risk. Try not to leave any phrases open to interpretation and be as precise as possible to avoid confusion. It can take only one employee to create a data breach to risk other employees’ lives and livelihoods.

Especially during these times, be transparent with your employees to help them feel safe. This transparency includes detailing how you protect their personal data, particularly their health conditions, physical movements, or data on their devices.

Teach Everyone Good Cyber Hygiene

In the new normal, the way businesses operate is primarily dependent on information technology, or “cyber.” Therefore, companies must embrace the idea that these changes will last much longer and that they will need to be proficient in everything cyber. With a “cyber mindset,” businesses can thrive even in the most challenging times.

As part of adopting a cyber mindset, it is crucial to make it a part of your company culture and encourage your employees to understand how crucial data protection is. Offer them concrete solutions for data protection and privacy training, just like the rest of their skills training.

A survey found that most employees that shared sensitive data did so because they lacked the tools to share data securely. When all the employees know how their sensitive data is kept safe and have the means to protect it, they will work more comfortably.

Furthermore, you can also appoint a “cyber” team consisting of trained employees to make data protection decisions. They could provide quicker technology and policy decisions with any digital transformation versus decision-making across multiple departments.

Have a business continuity plan

If your network is breached or your business is held hostage by a ransomware scheme, having a solid business continuity plan is critical to avoid costly business disruptions. In fact, according to an IDC report, business interruptions can cost an average of $100,000 per hour in lost revenue.

Many businesspeople confuse business continuity with data recovery. A business continuity plan involves all of the business processes required to keep a business functioning after an interruption. Data recovery relates to the process of backing up and restoring critical business data. Some of the causes of business interruption include natural disasters (hurricanes, earthquakes, fires, etc.), cybersecurity attacks, and business closures required by government action (i.e., COVID-19 related shutdowns). If you have a solid business continuity plan in place and suffer a ransomware attack, replacing your server and restoring data may be less costly than paying a ransom. Securing a cybersecurity insurance policy will also provide peace of mind and give you access to legal support and resources. Check with your accountant or insurance provider since general liability policies may or may not cover the loss of data or software.

Key Takeaways

With the rise in digital transformation, data protection is essential. Even after employees go back to offices, chances are most processes will stay digital.

Therefore, as an employer, be mindful when choosing technology providers and evaluate how they use data. You must also have a business continuity plan to ensure your business is operational as fast as possible. Having a solid data backup and recovery process is an important part of that plan. Data protection and cybersecurity is a multi-layered process, and to fully incorporate that, it must become a part of the company’s culture. In the new normal, employers need to be transparent and empower their employees with cybersecurity knowledge.

In brief, be vigilant, be transparent, be informative, and stay cyber-safe!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chuck Piccirillo

Chuck Piccirillo

3 Followers

Marketer | IoT Thought Leader | Techy | Gamer | Helping leaders realize a connected, sustainable future: meet.smartbuildingconsult.com