What does data protection have to do with hand washing?
Washing hands is an effective hygiene measure that can protect against infection with germs, bacteria and viruses. Companies should approach the issue of data protection according to the same principle, explains security specialist Virtual Solution.
Washing your hands has become second nature to most. However, companies and their employees do not always exercise the same caution when it comes to mobile communication. Malware and other malicious code can hide in installed applications. An app is quickly downloaded, and the user usually doesn't give much thought to the consequences: What data and communication channels does the app access? What exactly is written in the depths of the rarely read terms of use? If employees use a company cell phone privately or a private smartphone for business tasks, this puts compliance with data protection regulations at risk.
Therefore, companies should observe the following rules:
- The seriousness of the issue must be internalized. The carelessness of employees when using smartphones and tablets is often due to a lack of knowledge. This makes education and training all the more important to ensure that IT hygiene measures become a matter of course. All employees should also be given binding and uniform regulations for the protection of IT and data in the company. Careful handling of sensitive data must also be exemplified by superiors. All these measures prevent employees from unsuspectingly downloading dangerous apps.
- Offer only user-friendly tools. If possible, security measures should not restrict employees in their work, because only user-friendly solutions prevail. Corporate apps must therefore be as easy to use as the private applications users are accustomed to. It is just as important to include the affected departments in the selection of tools in order to cover the business requirements of the respective employees.
- Strictly separate private and business data. Many apps have embedded functions for data exfiltration, i.e., the extraction of private data. In the case of WhatsApp, for example, this is the non-transparent access to the contact list, which may also contain business contacts. This is a violation of the requirements of the GDPR, as personal data may not be processed and forwarded without consent. Only a strict separation of private and business data can help against this data leakage. It also prevents data from simply being moved back and forth by copy-and-paste.
- Don't forget encryption and authentication. Business data must also be encrypted, both on the device and in transit. Access to systems such as file sharing or intranets must be through a secured channel. The corporate area should also be secured by PIN, TouchID, FaceID or - for even more protection - by smartcard. This way, data remains protected from misuse even if the device is stolen or lost.
"A container solution like SecurePIM strictly separates the business area from the private area on mobile end devices. Data and documents are stored encrypted to the highest standards and transmitted end-to-end. This creates an 'intrusion-proof' area to defend against cyber criminals and at the same time compliance with the GDPR is guaranteed," explains Christian Mueller, Chief Marketing Officer of Virtual Solution in Munich. "The economic consequences of poor IT hygiene are often underestimated. Data and identity theft, misuse of stolen data and, for example, blackmail attempts can result in losses in sales and trust. In addition, there is the threat of high penalties for violating the GDPR regulations. Compliance with data protection and security must therefore become a constant routine, just like washing your hands."
Source: Virtual Solution