By David Hoover, Senior Privacy and Security Manager, Validic™
Due to the spread of COVID-19, many folks have transitioned to working from home, sparking a conversation around data security and privacy.
So what’s all the fuss about? Many companies today have policies in place for teleworking, media transfer, data transfer, etc. Your company has likely instructed you to use secure Wi-Fi connections, not make copies of sensitive or confidential data, maintain a clear desk and a clear screen, and generally maintain security and privacy as you would in your office.
Working remotely doesn’t change security or privacy needs or requirements. HIPAA, ISO, HITRUST, and others may be relaxing rules, but they aren’t taking the day off, and neither should you. The data is still the data, no matter where you analyze, study, process, or access it. PHI is still PHI, PII still PII, and so forth. The rules must be maintained in all situations.
Easy to say, hard to follow, you might think. Think again.
How many times have you touched sensitive or confidential data locally on your device? Hopefully not at all, as it is likely against policy, or even security settings. And if you have, it is probably documented somewhere and being monitored by SIEM, FIM, AV, or other security settings and software. But it is most likely through a portal or software already designed to keep the data safe through a user/pass combination, multi-factor authentication, or another security feature.
So what extra precautions should we take, if any?
In my opinion, the most important thing you can do is be aware of your surroundings. Being outside your office, your secure environment changes perception. Sensitive and confidential data should be protected by multiple safeguards regardless of their utilized location. You shouldn’t be sharing your passwords with others no matter where you are. If you do access PHI or PII, don’t do it in public or within easy sight of your friends and family. These are all things you should be doing anyway, in the office or at home.
View More >