Managing Covid-19 Cyber and Data Protection Risks
Exploring the risks and challenges related to cyber attacks and data protection amidst the Covid-19 pandemic. The agenda covers an overview of cyber-attacks, recent developments, protections against cyber attacks, data protection concerns during lockdown, compliance steps, and employee rights issues. Insights are provided on implementing remote working protocols, digital workspaces, and the uptick in cyber-attacks against Irish firms. The importance of assessing cyber risks at all business levels and understanding different types of cyber attacks is emphasized.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Covid-19 Cyber & Data Protection Risks 12 May 2020 1 www.beale-law.com International Construction and Insurance Law Specialists
Introductions Cian O Gorman Solicitor T: +353 (0) 1 536 9634 +353 (0) 86 032 5095 E: C.OGorman@beale-law.com Tara Cosgrove Partner T: +353 (0) 1 536 9612 +353 (0) 87 179 1165 E: t.cosgrove@beale-law.com Sean O Halloran Solicitor T: +353 (0) 1 536 9621 +353 (0) 87 667 2976 E: S.OHalloran@beale-law.com 2 www.beale-law.com International Construction and Insurance Law Specialists
Agenda: Covid-19: Cyber & Data Protection Risks 1. Overview of Cyber-attacks & Risks 2. Recent developments & examples of Covid-19 themed Cyber attacks 3. Protections businesses can put in place against cyber attacks 4. Data protection concerns arising from the lockdown 5. Practical steps that businesses may take to ensure compliance with data protection laws 6. Issues in respect of employee rights 3 www.beale-law.com International Construction and Insurance Law Specialists
Cyber Risks: Overview Implementation of remote-working protocols Digital Workspaces? Personal Devices/Laptops? Heightened risks Europol: Pandemic Profiteering 4 www.beale-law.com International Construction and Insurance Law Specialists
Cyber Risks: Background Significant increase in cyber-attacks against Irish firms PwC Irish Economic Crime and Fraud Survey Beale & Co. have seen this reflected in increasing rise in cyber-attack claims 5 www.beale-law.com International Construction and Insurance Law Specialists
Duty and Breach Everyone is a target! Example: Construction Sector Employees at all levels Email inbox is the final destination Assess your risks at all levels of the business 6 www.beale-law.com International Construction and Insurance Law Specialists
Assessing Exposures First-party exposure Vs. Third-Party Exposure 7 www.beale-law.com International Construction and Insurance Law Specialists
Types of Cyber Attacks Email Redirect Fraud Phishing attacks Social engineering Backdoors DDoS attacks Form jacking MITM attacks Drive-by downloads Malware 8 www.beale-law.com International Construction and Insurance Law Specialists
Covid-19 Themed Attacks Video conferencing attacks Corona Antivirus software scam Coronavirus Finder Scam Sale of Protective Equipment Scams Internal Staff member Fraud 9 www.beale-law.com International Construction and Insurance Law Specialists
Recent Case Examples Example One: Invoices sent to 9 different clients Example Two: Emails silently monitored for months 10 www.beale-law.com International Construction and Insurance Law Specialists
Preventative Measures Implementation of secure IT systems Implementation of a Cyber-Attack Quick Response Policy User Training Cyber Insurance 11 www.beale-law.com International Construction and Insurance Law Specialists
Fundamental Defenses Minimise the overlap of business and personal Do not to click on links/open attachments not expected Keep all software updated Change passwords regularly Implement multi-factor authentication Always call to verify bank details 12 www.beale-law.com International Construction and Insurance Law Specialists
Further Increase in Cyber-Attacks Expected Europol: expecting an even further increase in new, modified cyber-frauds to emerge over the next few weeks and months The Garda National Economic Crime Bureau: warning re unsolicited emails 13 www.beale-law.com International Construction and Insurance Law Specialists
Conclusions & Key Takeaways 1. Full analysis of cyber defences 2. Always remain vigilant 3. Staff training 4. Secure devices 5. Multi-factor authentication 6. Always ring to verify bank details 14 www.beale-law.com International Construction and Insurance Law Specialists
Background Stringent rules designed to prevent the spreading of coronavirus have prevented people from travelling to work, except if they are employed in certain sectors deemed essential. To keep their businesses open, employers have had no option but to allow their staff to work at home, despite the data protection risks. Today, whole sectors of the economy continue to operate solely thanks to remote working 15 www.beale-law.com International Construction and Insurance Law Specialists
Employees permitted to work remotely? 2017 survey of IT decision-makers from private and public sector organisations across Ireland recorded that only 37% of workers have the authorisation and access tools to work remotely No Yes 2018 survey* of UK of office workers: 53% of staff not allowed to work from home as they used to pre-GDPR 0% 20% 40% 60% 80% Survey: Only 37% of Irish Workers are Able to Work Away From-the Office , Irish Tech News (Online), 7/12/17, available: https://irishtechnews.ie/survey-only-37-of-irish-workers-are-able-to-work-away-from-the-office/ * The GDPR Implications of Working from Home , Business First (Online), 17/10/18, available: https://www.businessfirstonline.co.uk/articles/the-gdpr-implications-of-working-from-home/ 16 www.beale-law.com International Construction and Insurance Law Specialists
Pre-Covid Position 67% of IT departments surveyed did not have visibility of all business documents 55% of IT departments surveyed were not aware of all personal devices being used to create work documents 17 www.beale-law.com International Construction and Insurance Law Specialists
Legislation EU General Data Protection Regulation and the Data Protection Acts 1988-2018 Data controllers and processors must implement measures that ensure appropriate data security with respect to the level of risk presented by processing that personal data Requirement of data protection by design and by default 18 www.beale-law.com International Construction and Insurance Law Specialists
Employees Working from Home 19 www.beale-law.com International Construction and Insurance Law Specialists
Data Protection at Home Employers are responsible for taking the appropriate measures to ensure protection of data accessed and processed by employees working remotely 20 www.beale-law.com International Construction and Insurance Law Specialists
Data Protection at Home Draft a framework document Arrange ongoing training for employees to remind them of their data protection obligations Remind employees to not use personal email addresses for work purposes 21 www.beale-law.com International Construction and Insurance Law Specialists
Data Protection at Home Log devices and apps employees are using to store and exchange data Ensure that employees devices are password protected, encrypted, and can be wiped remotely Record the details of paper records and files that employees bring home from the office 22 www.beale-law.com International Construction and Insurance Law Specialists
New Systems = New Risks Review any existing data protection agreements with customers to ensure cloud storage is permissible Check the storage provider s terms and conditions and privacy notice Ensure that privacy settings are appropriate 23 www.beale-law.com International Construction and Insurance Law Specialists
New Systems = New Risks Beware of unencrypted video conferencing software that Third Parties can infiltrate Not all systems are the same 24 www.beale-law.com International Construction and Insurance Law Specialists
Telephone Conversations and Video Chats Employees should be reminded that telephone conversations and video chats present the risk of being overheard Employees must ensure that they are not discussing customer or other personal data where family, flatmates, or neighbours can eavesdrop 25 www.beale-law.com International Construction and Insurance Law Specialists
Data Breaches Many risks decreased Many more increased 26 www.beale-law.com International Construction and Insurance Law Specialists
Identify and Report Data Breaches as They Occur Authorities must be notified within 72 hours It is important to note that this time limit will not by the current pandemic If a breach is likely to result in high risk of adversely affecting data subjects they must be informed directly 27 www.beale-law.com International Construction and Insurance Law Specialists
Identifying Data Breaches More Difficult Whilst employees are working at home it will be more difficult for organisations to detect and respond to data breaches. Practical steps to overcome this: Training employees No-blame culture Documenting all breaches internally 28 www.beale-law.com International Construction and Insurance Law Specialists
Data Subject Access Requests 29 www.beale-law.com International Construction and Insurance Law Specialists
Data Subject Access Requests Respond within one month of receiving request, but extendable If statutory timelines cannot be met owing to Covid-19 pandemic, the data protection commission have confirmed that they will consider complaints in the context of same Common sense 30 www.beale-law.com International Construction and Insurance Law Specialists
Data Subject Access Requests Where is the data? Remind employees to not save locally Remember, employees are data subjects also 31 www.beale-law.com International Construction and Insurance Law Specialists
Employee Rights 32 www.beale-law.com International Construction and Insurance Law Specialists
Employee Rights: Monitoring Emphasise the split between home and work life Are you monitoring your employees private communications? 33 www.beale-law.com International Construction and Insurance Law Specialists
Employee Rights: Infected Employees Sharing details of infected employees? Necessary to balance the employee s privacy rights with the necessity of ensuring their colleagues are safe. 34 www.beale-law.com International Construction and Insurance Law Specialists
Thank you Cian O Gorman Solicitor T: +353 (0) 1 536 9634 +353 (0) 86 032 5095 E: C.OGorman@beale-law.com Tara Cosgrove Partner T: +353 (0) 1 536 9612 +353 (0) 87 179 1165 E: t.cosgrove@beale-law.com Sean O Halloran Solicitor T: +353 (0) 1 536 9621 +353 (0) 87 667 2976 E: S.OHalloran@beale-law.com 35 www.beale-law.com International Construction and Insurance Law Specialists