Home networks
Software / platforms
Device loss / theft
Remote working systems
Hackers or malicious actors
Infrastructure security
Personal data
Home networks
Lack of control and likelihood of weaker protocols on employees’ home networks.
Infrastructure security
Where staff access is not managed properly using measures such as VPN / secure gateway access and dual authentication.
Hackers or malicious actors
Taking advantage of the current situation to release phishing scams, viruses, malware or ransomware knowing that an organisations’ systems or an employee’s personal device used to work remotely may be more vulnerable.
Personal data
The processes for transferring personal data from the office to home – e.g. staff using removable media, emailing work to personal email accounts, or printing sensitive work-related materials on unsecured personal printers.
Software / platforms
Remote users may need to use different software or unfamiliar platforms in a different way to normal.
Device loss / theft
An increased risk of staff losing or having their devices stolen whilst they are away from the office.
Remote working systems
Use of new remote working systems, such as collaboration tools, for example:
– Shortcuts may have been taken in relation to supplier due diligence, data processing agreements and safeguards for international data transfers, meaning that if a data breach happens supplier-side the customer organisation may not be as well protected as it could be.
– Users / clients may not have been informed that their personal data will be processed using these tools (in line with the organisation’s transparency obligations under the GDPR).