By Pierre Aurel, Synthesis Senior Consultant and Product Manager.
COVID the Catalyst…
This has been a year of disruption, confusion and now a new ‘normal’. COVID-19 is here for the foreseeable future, and that means humans need to adapt to new circumstances like Working from Home (WFH). Almost every industry has embraced this as an effective way of keeping staff safe, remaining operational and controlling costs during a global economic downturn.
WFH offers many benefits to both employer and employee, but there are hidden dangers too. The need to enable remote access while protecting confidential company information sent every organisation scrambling. Focus was primarily on how to control access over secure Virtual Private Network connections and protecting employee devices with advanced anti-virus software or anti-malware tools. In short, they were mitigating the risk of a potential data breach due to unauthorised access.
These efforts should certainly be commended; continuous improvements to the security posture of an organisation are critical in this cyber-driven world. There are, however, less obvious risks associated with WFH that may have been overlooked.
When signing a contract of employment, the employee agrees to honour company confidentiality and its intellectual property. This extends to protecting information shared with them during various negotiations with other businesses or customers. This is always protected under some form of Non-Disclosure Agreement (NDA) that the employee is party to.
With the Protection of Personal Information Act (POPIA) having finally come into force on 1 July 2020, data protection is now more important than ever. Non-compliance can attract penalties of up to R10 million, civil proceedings, and even jail time in some circumstances. This has fuelled a significant amount of effort around securing data and implementing best practices for access, storage, encryption, and use. While cybersecurity solutions are forming an integral part of this strategy, decision-makers should not forget about the dynamics introduced by a remote working environment.
The Daily Breach.
If you work from home, you could unintentionally be contributing to a data breach.
The unprecedented COVID-19 pandemic became the true catalyst for WFH and meant that most living situations were not prepared for the remote work that it heralded. Workspaces at home range from shared dining room tables and coffee tables to patios and other rooms in the house, all while people context switch between being a working professional and a super parent caring for their children. Unlike trusted corporate office spaces, it is almost impossible for family members, spouses, or partners not to overhear work conversations, especially given the rise in video meetings. Inevitably, work documents are also left on a desk or on-screen where anyone else in the home could see and read confidential information.
Some might think the risk negligible or unlikely; however, there is ultimately another person gaining access to confidential information – and they are not part of any NDA to protect that information. This is the ‘Daily Breach’ happening in every home across the globe.
When family members work in the same industry, or even at competing organisations, this risk increases exponentially. Of course, the compromise does not stem from any malicious intent. But it may plant the subconscious seed that leads to the emergence of a competing idea or product. Thoughts about stolen intellectual property may emerge with little to no understanding of what or who caused the breach.
To mitigate the daily breach, companies must have open conversations with their employees about confidentiality, especially those who mostly work from home. Much like understanding safe cybersecurity practices, they must be made aware of the potential risk when it comes to work conversations and documents. Realistically, this is not an easy problem to solve, especially when the home is an inherently different environment to that of the office. Many people do not have the luxury of having private rooms that can be dedicated to work. Even fewer have multiple rooms to provide a private workspace for each family member. However, the employee must have an honest discussion with family members and explain the sensitivity of the information they are discussing.
Of course, this could potentially provide the scope necessary for employers to highlight POPIA in a more unique way to staff who might already suffer from data breach fatigue. Ultimately, everything the organisation does must be geared towards knowledge of best practices and how to protect all the sensitive information available to them, no matter the environment. As employees navigate the new normal and all it entails, their knowledge of these potential risks will ensure better safeguarding of information.