
How the Pandemic has Heightened the Need for Data Protection


With the world currently working to reduce the spread of COVID-19, social distancing has drastically changed the way we work: working from home and taking business information off-premises have become a daily reality. Additionally, finding a cure or an effective treatment for COVID-19 requires gathering and sharing information about those infected, most of it Personally Identifiable Information (PII).

However, allowing access to information in both of these cases, and gathering data in the latter case, brings risks that can outweigh all the benefits of such practices.

Fortunately, organizations can turn to frameworks that help in these situations, one of which is ISO 27001, an internationally recognized standard that addresses information security management.

This article presents some common risks related to sensitive data and how ISO 27001 can help organizations protect it, whether it is stored or being communicated.

Common risks related to data in a pandemic

Considering business information held off-premises, some of the common risks it is subject to during a pandemic are:

As for personal information used to fight the pandemic, some of the common risks are:

Internet searches turn up many solutions for dealing with these risks, but implementing them without proper follow-up can lead a company either to overprotect data, negatively impacting desired outcomes (e.g., business objectives, or a cure or treatment for the disease), or to leave critical risks improperly treated, leaving data, companies, and people without adequate protection.

ISO 27001 framework

ISO 27001 is an internationally certifiable standard published by the International Organization for Standardization (ISO). It defines the requirements for the systematic protection of information, in the form of an Information Security Management System (ISMS), and is applicable to organizations of any size and industry.

In short, it helps an organization to:

When implemented well, ISO 27001 provides a cost-effective and robust basis for protecting an organization's information, and the information under its responsibility, with no more and no less than what is required.

ISO 27001 controls for protecting data in a pandemic

Considering the previously mentioned risks, a robust data protection implementation based on controls from ISO 27001 Annex A would include:

Organizational aspects:

Technical aspects:

Physical aspects:

Human resources aspects:

As you can see, ISO 27001 can help cover risks across a wide range of aspects related to data protection and remote work, with the selection of appropriate controls driven by the risk assessment and the identification of legal requirements.

Helping fight the pandemic as safely as possible

Fighting the pandemic is important, as is preserving people's privacy rights. Additionally, keeping a business running is paramount, and in both situations it may involve keeping or sending information outside the data custodian's environment, increasing the risk of its being compromised.

However, such risks can be reduced to acceptable levels by applying good security practices.

ISO 27001 presents a set of security controls that can be adapted to the needs of data protection and remote work, allowing business activities and people's privacy to be handled properly.

Remote work is a reality that is unlikely to be reversed, and fighting COVID-19 will continue to require access to people's sensitive information. Both bring risks, enlarging the attack surface that malicious actors can exploit.

For this reason, remote work must also be approached with security in mind, and for that the ISO 27001 standard can prove to be a solid basis for the protection of information.

About the Authors

Dejan Kosutic is the main ISO 27001 & ISO 22301 expert at Advisera.com. He holds a number of certifications, including Certified Management Consultant, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, and Associate Business Continuity Professional, and is the author of numerous books, toolkits, tutorials, and articles on ISO 27001 and ISO 22301.

Rhand Leal is an ISO 27001 expert and the author of many articles and white papers at Advisera. He holds a number of certifications, including ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, CISSP, CISM, and PMP.
