*By Richard Montbeyre
In the past year, Covid-19 has had a major impact on privacy and security. With the vast majority of the workforce now accessing corporate systems remotely, companies must maintain confidentiality and ensure that the company is protected from unauthorized access.
Replicating a secure environment on remote work devices has therefore become crucial to protecting the assets of an Autonomous Digital Enterprise (ADE). One approach is to create containers within devices that meet the company's security standards, allowing employees to securely access corporate systems from personal devices.
Technical measures, including VPNs and multi-factor authentication, can also help protect devices at home, while services and tools such as reporting channels, help lines and escalation mechanisms can support employees on data security matters. With these adaptive cybersecurity measures in place, vulnerabilities, breaches or hacks can be detected almost as quickly as if everyone were in the office.
Finally, having strong and adaptive security practices in place can ensure that your company's data privacy is optimized and all sensitive corporate data is securely stored.
Unfortunately, employees often feel less bound by the company's security and data protection policies when they are not in the office. However, it is vital that they remain vigilant. Having the right awareness training can help improve data security and help employees recognize attacks that target individuals, such as phishing scams.
With a combination of technical measures and situational training, employers can keep awareness levels high and strengthen the capabilities of remote workers, ensuring that they still comply with data privacy regulations while working at home.
Despite the global pandemic, data protection remained a live issue for autonomous digital companies in 2020, with persistent activity from independent regulators. Data breaches are in the news every week, and regulatory fines now reach the tens of millions.
Data protection regulations encourage people to challenge the services they receive, even when those services are provided free of charge. Major political changes such as Brexit, the invalidation of the EU-US Privacy Shield Framework and emerging regulations around the world add to the complexity of international data flows. As a consequence, privacy risk has become a fundamental decision criterion for organizations that entrust personal data to vital service providers, rather than merely a competitive advantage.
In addition to a consolidated due diligence process and regular checks, organizations are increasingly dependent on recognized standards that not only demonstrate their providers' ability to maintain privacy compliance, but also help to speed up procurement processes. Customers must remain aware of the scope of such certifications, ensure that they actually apply to the services they have subscribed to, and anticipate the eventual expiration or loss of a certification.
Widely recognized standards and certifications include:
- Binding Corporate Rules (BCR-P) officially approved by EU regulators;
- ISO standards for security and privacy, such as ISO 27701 for privacy management, ISO 27017 for cloud security and ISO 27018 for cloud privacy;
- SOC (System and Organization Controls) reports for cloud-based data hosting.
* Richard Montbeyre, Chief Privacy Officer at BMC Software
Notice: The opinions presented in this article are those of the author and not of ABES - Brazilian Association of Software Companies.