Last week’s Alert pointed out hacker opportunism taking advantage of emergencies, as recorded in these Coronavirus times. There are many profiles of increased vulnerability in this situation:
- work outside the corporate context, where the level of protection – physical and logical – is certainly higher than the domestic level
- presumably applying unusual behavioral thresholds in the performance of work activities: the employee who works from home naturally feels freer and more autonomous to be induced to behaviors that, in the company, are not considered relevant, such as surfing the internet on websites that are not professional or paying less attention in the use of devices used for work purposes
- the user is more easily the target of malicious attacks and these can more easily be successful, both due to the lack of barriers typically present in the corporate information system and to the less attention that the user can pay to such threats, working in the context familiar
- the same company is more exposed, given the numerous remote accesses to the internal network and the use of devices also for mixed use (BYOD), which has not always been possible to verify and / or configure in advance with a view to safety.
It is therefore appropriate that during this period you have the opportunity to renew to your staff in smart working, some fundamental rules of the correct management of the data breach, so that any violations of personal data can be adequately managed, despite the emergency.
To the point
One of the first rules for effective communication is brevity and clarity.
Rather than referring the company population to long and complex internal instructions or standard operating procedures, it would rather capture attention on a few but fundamental rules: the six rules of the data breach.