IT security specialists deal with threats everyday, this is part of their daily work in an ever-growing business. But with the recent, unprecedented move to employees working from home, are security teams focusing enough on the potential issues that employees can create while working remotely during this heath crisis? Specifically, are privacy issues being sufficiently reviewed before new technology is implemented?

 
Whether it’s HR, sales, finance, marketing, etc., employees in all departments expect to be able to continue their professional activities from the comfort of their own homes. As employees shift to working from home, organizational leadership expects IT teams to understand how any one of a number of privacy regulations apply when the workforce is no longer protected behind the proverbial corporate firewall. While remote/mobile workers are not new, the sheer scale caused by the COVID-19 pandemic is forcing IT teams to test the limits of many internal policies.

 
In healthcare, for example, where HIPAA and HITECH have long enforced protection of patient information, employees that previously would never have been allowed to work from home, are now safely ensconced in their home office with potential access to vital patient data. The Personal Information Protection and Electronics Documents Act (PIPEDA) in Canada regulates how Canadian organizations collect, use and disclose an individual’s personal information. The Payment Card Industry Data Security Standard (PCI DSS) regulates merchant or a service provider storing, transmitting, or processing cardholder data (especially with cash payment declining) in order to ensure card data remains safe. But now, with employees moving in droves to work from home, the scope of data for any of these compliance frameworks has been dramatically expanded and the methods of sharing this data are being stretched to their limits.

 
All organizations, whether beholden to a regulatory framework or not, should be very concerned about accidental personal and sensitive data disclosure through the usage of sharing tools. Recently, a very popular video conferencing solution has made the headlines for all the wrong reasons. Between a privacy policy that states customer data is not very “private” or a known issue where video conferences could be easily hacked, this company is finding that being the darling of the tech world comes with a price. Consider both scenarios where employees now have the potential to share information, such as the COVID-19 health status of employees, through such tools. Insecure tools can result in personal data leaking into the unknown realms of the internet, never to be recovered again. Some of these products will take it all, words spoken, transcripts generated, videos, documents shared on screen, names of participants, your face and the background attendees are sitting in front of. The terms of use allow these sharing tools to gather and re-use information collected at the time of usage and thereafter. Regulatory frameworks very likely consider this information sharing unacceptable.

 
Information sharing is vital, especially with the workforce now spread across the globe. Everyone using any “sharing” tools, which includes social media, should consider whether business-sensitive or personal information is required for the conversation at hand. Security teams must also perform a thorough review of all sharing tools, including the review of data privacy policies as well as known application vulnerabilities, before deciding whether to implement the tool. In times like these, you can’t be too careful with personal information.

GoSecure Titan® Managed Extended Detection & Response (MXDR)​

GoSecure Titan® Managed Extended Detection & Response (MXDR)​ Foundation

GoSecure Titan® Vulnerability Management as a Service (VMaaS)

GoSecure Titan® Managed Security Information & Event Monitoring (SIEM)

GoSecure Titan® Managed Perimeter Defense​ (MPD)

GoSecure Titan® Inbox Detection and Response (IDR)

GoSecure Titan® Platform

GoSecure Professional Security Services

Incident Response Services

Security Maturity Assessment

Privacy Services

PCI DSS Services

Penetration Testing Services​

Security Operations

MicrosoftLogo

GoSecure MXDR for Microsoft

Comprehensive visibility and response within your Microsoft security environment

USE CASES

Cyber Risks

Risk-Based Security Measures

Sensitive Data Security

Safeguard sensitive information

Private Equity Firms

Make informed decisions

Cybersecurity Compliance

Fulfill regulatory obligations

Cyber Insurance

A valuable risk management strategy

Ransomware

Combat ransomware with innovative security

Zero-Day Attacks

Halt zero-day exploits with advanced protection

Consolidate, Evolve & Thrive

Get ahead and win the race with the GoSecure Titan® Platform

24/7 MXDR FOUNDATION

GoSecure Titan® Endpoint Detection and Response (EDR)

GoSecure Titan® Next Generation Antivirus (NGAV)

GoSecure Titan® Network Detection and Response (NDR)

GoSecure Titan® Inbox Detection and Reponse (IDR)

GoSecure Titan® Intelligence

ABOUT GOSECURE

GoSecure is a recognized cybersecurity leader and innovator, pioneering the integration of endpoint, network, and email threat detection into a single Managed Extended Detection and Response (MXDR) service. For over 20 years, GoSecure has been helping customers better understand their security gaps and improve their organizational risk and security maturity through MXDR and Professional Services solutions delivered by one of the most trusted and skilled teams in the industry.

LATEST PRESS RELEASE

GOSECURE BLOG

SECURITY ADVISORIES

 24/7 Emergency – (888)-287-5858