ARTICLE
18 August 2021

Cybersecurity & Data Risks Associated With Remote Working

MG
Maples Group

Contributor

The Maples Group is a leading service provider offering clients a comprehensive range of legal services on the laws of the British Virgin Islands, the Cayman Islands, Ireland, Jersey and Luxembourg, and is an independent provider of fiduciary, fund services, regulatory and compliance, and entity formation and management services.
Robust cybersecurity policies, defences and training are essential to viability of remote working, advises Claire Morrissey, Head of Data, Commercial and Technology at Maples Group.
Ireland Technology

Robust cybersecurity policies, defences and training are essential to viability of remote working, advises Claire Morrissey, Head of Data, Commercial and Technology at Maples Group.

Technology has been both the biggest enabler and risk for all businesses in the response to COVID-19 over the last 16-18 months. The increased reliance on remote working and technology has provided more opportunities for scams and cyber-attacks.

At the outset of the pandemic, the Data Protection Commission (DPC) published brief guidance on protecting personal data when working remotely. This guidance supplements existing DPC security guidance and focuses on keeping devices, emails, cloud and network access and paper records secure. The National Cyber Security Centre also provided guidance on securing home offices against cyberrelated threats, including maximising home Wi-Fi security, good practice when using personal or work devices, and remote conferencing.

Year-on-year, data security breach notifications to the DPC are increasing. In 2020, there were close to 7,000 valid security breach notifications. When a breach occurs, the 72 hours mandatory reporting timeline ticks by very quickly. In fact, the DPC's first GDPR fine of a private organisation was a fine on Twitter for failing to report a breach within the requisite 72 hours of having become aware of it.

The recent ransom attack targeting the HSE brought home the real life impact of cyber-attacks. Cyber-attacks often start with phishing, smishing or vishing: employees are tricked by fraudulent emails, text messages or phone calls claiming to be from a reputable organisation, leading them to open a malicious attachment or link and disclose sensitive information, such as passwords or credit card details. This point of vulnerability reinforces the importance of staff awareness of IT security policies and cyber risks, staff training and phishing simulations.

TECH EXPECTATIONS

Cybersecurity risks are also a focus point for the Central Bank of Ireland (CBI). Its 2021 Consumer Protection Report outlines its technology expectations for the firms which it regulates. These include firms having: board-approved comprehensive, documented, IT and cybersecurity strategies, aligned with overall business strategies, and supported by sufficient resources; well-defined and comprehensive IT and cybersecurity risk management frameworks to identify and manage different threats, recognising that these IT risks are continuously increasing and that cybersecurity models are the subject of increasing maturity and continuous improvement; documented cybersecurity incident response and recovery plans outlining actions to be taken during and after a security incident, including communication with relevant external stakeholders.

Firms are also expected to prioritise the development of a strong organisational culture of cybersecurity at board and senior leadership level to support the effective identification, monitoring, reporting and mitigation of cyber risks. While these recommendations are specific to firms regulated by the CBI, they provide a useful roadmap for all businesses navigating technology challenges in a remote working environment

Post-pandemic, remote, blended and flexible working arrangements will be the new norm for many businesses. Robust cybersecurity policies, defences and training will be essential to the mitigation of cyber risk and continued viability and success of remote working across all sectors.

Originally Published by Chambers Ireland's InBusiness Magazine

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More