As a lawyer and head of the data protection department at Greek company Privacy Advocate, Christina Mantas is definitely someone we wanted to talk to. With many folks working from their homes, she believes now is the best time to take both your security and privacy seriously. After all, taking the wrong steps could put your company’s business in jeopardy. And with home networks typically not being as secure as those in the office, the risk is that much greater… Read on for all the details…
Can you briefly introduce yourself?
My name is Christina Mantas. I am a lawyer and head of the data protection department at Privacy Advocate, which provides consultation on best practices to ensure ongoing compliance with Data Protection requirements under the GDPR. We also provide data protection services to a variety of industries, especially in the public and private healthcare sector, as well as software development companies, e-shops, insurance companies, law firms, hotels, and professional sports teams. The foundation of our specialization is the deep knowledge of everyday operations of all primary and secondary healthcare providers. We also perform training seminars for the implementation of GDPR in health, involving high-level executives who are required to implement the Regulation.
What do you see as the main challenges for our privacy today?
The majority of issues privacy professionals face in 2020 inevitably arise from the spread of COVID-19. As if it wasn’t already a struggle for many to maintain compliance before COVID-19, it is now even more important they are aware of the potential risks.
Data security risks have risen significantly with the increase in employees working from home. Not only is this down to human error (although that is the most common form of a data breach), but it also includes fraudsters looking to exploit the vulnerability of businesses. Consequently, privacy professionals need to consult businesses and organizations on how to handle basic security issues while employees work from home. For example, our company was asked what would be the safest way for a board meeting to take place online. Most of the popular online conference tools that employees have been using to stay connected face privacy protection issues. Meeting calls that are not secured by a password can be easily attacked by hackers.
Let’s also not forget the risks resulting from the use of company equipment. Most employees have been loaned computers and other devices to use while working remotely. Companies need to carefully consider potential risks and understand how they can be mitigated.
What can we as individuals do about it?
There is no better time for all of us and especially people who work from home to raise security awareness through training. With over 90% of cyber data breaches down to human error, the risk of breaches can be reduced with effective training. In turn, this will avoid fines and the potential reputational damage that follows.
Sending emails to the wrong recipients, downloading a malware-infected attachment, or failing to use a strong password are all ways that human error could ultimately lead to a data breach. Many of these lapses in judgment happen due to lack of knowledge because the employee is tired, distracted, or not paying attention. Let’s all make an effort to actually read our company’s privacy policies and security guides.
Can VPNs help? Do you use one?
A VPN is the number one safety measure that we advise our clients to use, especially when working from home. If employees are not using a virtual private network to access shared company assets, now is definitely the time to do so. Home Wi-Fi networks are not likely to be as secure as a work network. Using a VPN will help to protect the connection; otherwise, this could leave services exposed to hacking and allow unauthorized access to data.
In our company we could never not use one! We have to protect client files and sensitive personal data, and the reality is that we cannot risk the safety of both our clients’ data and our reputation as a privacy consulting company.
What do you do to protect your personal information?
For starters, I always use strong and different passwords to keep apps, accounts, and personal information protected. I do the same for my laptop and desktop computers. I never use free Wi-Fi, and when working from home I make sure to use my VPN to keep my activity encrypted. I try to keep all software on my PC up-to-date with the latest updates and patches, and I keep a lot of different backups for my data.
Apart from the technical measures, however, I try not to share a lot of information online and keep my social network activity private, except for LinkedIn, which is strictly professional.
Do you have some other advice for our readers so they could, at least partially, regain their privacy?
They could take small and simple steps, for example, get rid of their free email service and start paying for an alternative that has full encryption. Also, they definitely need to have a unique password for absolutely every single website, app, or service that they use. There are tools (at a small cost) that remember all of the passwords you use and then allow you to log in to sites with a single click.
It is very important for readers to consider the implications before they embrace any new technology such as smart speakers or smart home devices. Global corporations continually listening to you in your private space cannot easily be trusted.