COVID-19 LEGAL UPDATES: Stay informed with our latest advice and support for your business.

Home > News & Insights > Working from Home, Data Protection and Security Challenges

Working from Home, Data Protection and Security Challenges

Date: 31/03/2020 | COVID-19, Healthcare, Commercial Property, Corporate & Commercial, Employment & HR, Dispute Resolution, Energy & Natural Resources, Environment & Regulation, Planning, Residential Development, Infrastructure & Projects, Health & Safety, Construction, Business & Professional Services, Blogs

Working Securely

Businesses are facing many challenges right now and although a cyber-attack is never welcome, on top of everything else businesses can do without their systems being encrypted or data being lost. So, what can businesses do to ensure that their systems are not vulnerable to those bad actors who are sadly exploiting the situation.

Here are some practical tips provided by Davidson Chalmers Stewart linking into the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).

Encryption

All your portable devices should be encrypted. People working away from the office are more likely to lose devices or have devices stolen. Most modern devices will have encryption built-in but you must make sure encryption is turned on and configured properly.

You should also ensure that you can delete information on devices remotely.  Most information is backed up these days.

Remote Access

The NCSC recommends providing access to a company’s system through a VPN. This allows information to pass through a secure, encrypted network. VPNs must be patched and the NCSC has provided guidance for businesses using VPNs here.

If you are using RDP you must ensure that your server is only accessible by your staff to ensure that only your users can access the system. There has been a massive increase in attacks on RDP.

Multi Factor Authentication

If you can enable a second line of authentication, then do it on all software. This provides protection against the bad actors getting into your system through a brute force attack or accessing passwords through spoofing or malware. It is a simple way to effectively protect accounts. More information from NCSC here.

Patching and updates

It is still important to keep all software up to date and staff should be advised to do this on devices they are using away from the office.

Monitoring

There are many pressures on IT departments but it is so important to monitor your systems for anything suspicious. Modern systems have monitoring built in and there is simple guidance from NCSC here.

Phishing

There has been a massive increase in phishing emails and text messages.

This week I received a spoof text from DVLA saying that they owed me money and a real text from the Government directing me to information about the new rules in relation to the Covid-19. Both involved clicking on a link – but the DVLA one was too good to be true.

You should note that the Government can ask your mobile provider to send a message in an emergency but that bad actors have been spoofing these messages, so be careful. And the DVLA returning money to me would not be an emergency!!

So it can be difficult to discern what is real and what is not. There is some good advice from the national Cyber Security Centre about how to identify spoof messages here. And there is an online course for your staff which NCSC has provided here.

The bad actors are getting more sophisticated and use information about you from social media to make these messages more personal. So even if they use your name, be extra vigilant.

What to do if someone has clicked!

All staff need to know what to do if they do click on something suspicious. The business needs to encourage reporting issues without seeking to blame anyone. Studies often show that CEOs are just as likely to click on a bad link as anyone else in the company. But the company’s reaction can make a difference to a small issue becoming a much bigger one. So you must encourage reporting!

  1. Make sure everyone knows how to contact your IT department and encourage then to do so if they suspect that they have clicked on something they should not have.
  2. Open your antivirus software if installed, and run a full scan. Follow any instructions given.
  3. If anyone has been tricked into providing their password, all passwords should be changed on all accounts.
  4. If you have lost money, you should report it as a crime to the police.
  5. If personal data is involved, the consider whether to report this as a personal data breach to the ICO.  

​Please do get in touch if you require any advice about data protection or cyber security matters.

Disclaimer 
The matter in this publication is based on our current understanding of the law.  The information provides only an overview of the law in force at the date hereof and has been produced for general information purposes only. Professional advice should always be sought before taking any action in reliance of the information. Accordingly, Davidson Chalmers Stewart LLP does not take any responsibility for losses incurred by any person through acting or failing to act on the basis of anything contained in this publication.


Written by

Latest Updates

Want to get even more insight from Davidson Chalmers Stewart?

Keep your organisation up to date with the latest opportunities and changes in commercial law with regular insight and updates from the experts at Davidson Chalmers Stewart.
 

Let's Talk

A typical law firm? Not really. But a partner for the people and businesses we work with? Absolutely.

Our determination to do things a better way is nothing without our clients. So if you like what you see and think we’d make a good team, let’s talk. Pick up the phone and call us direct or make specific enquiries to our individual email addresses across the website. Alternatively use the form to submit general questions and comments.

Either way, we’ll get the message.

Edinburgh

t0131 625 9191

Glasgow

t0141 428 3258

Galashiels

t01896 550991