The novel coronavirus pandemic has undeniably disrupted the way people do business around the world. In January 2020, the Hong Kong SAR government announced work-from-home arrangements for civil servants (with emergency and essential service exceptions). Private sector organisations soon enforced similar work-from-home and flexible hour practices to minimise social contact. The government has announced quarantine measures for travellers to avoid spreading of the virus. In a place like Hong Kong where people are generally familiar with the use of advanced digital technology, most businesses are able to continue operations in an uninterrupted manner. Without being physically in the office, employees can still get their job done efficiently: edit documents, exchange information, and confirm orders through remote access to the company’s IT infrastructure, personal computers, mobile devices, instant messaging, and digital audio and video conferencing.
Data and confidentiality protection
In this new mode of work, businesses are facing a challenge to maintain a high level of data and confidentiality protection. Employees who work from home may possibly transfer data, which may include sensitive and confidential business data or trade secrets, using unsecured devices. The flexible workplace policy aggravates the problem when people are required to get the job done using alternative or innovative ways without physical presence or contact. In this respect, businesses are reminded that:
Companies should not forget the importance of maintaining confidentiality of sensitive business information. It is particularly the case if companies have given legally-binding undertakings to other parties to keep certain information confidential. It is not untypical that a confidentiality agreement or undertaking requires the company to disclose confidential information to its employees only on a “need-to-know basis”. The company may also be obliged to require its employees to keep the information confidential. A work-from-home setting may compromise the company’s ability to uphold protection of confidentiality. Companies should remind employees of their legal obligations and the need to refrain from circulating confidential information outside of the company’s VPN. Companies should formulate a policy to regulate sensitive data flow in a work-from-home environment, and restrict employees from sharing work stations or passwords.
With social distancing being the principal method for combating the virus worldwide, businesses have become more dependent on digital infrastructures and tools. The devastating result of a cyberattack would be unimaginable. Hackers may attempt to take advantage of this challenging time by sending phishing emails with health related topics like “last chance to buy cheap surgical masks” or “coronavirus vaccine” to bait people to click on links embedded with malicious malware. This could have disastrous results including possible damage to IT infrastructure, sensitive data exfiltration or malware infection. Hong Kong has been ranked as one of the top global destinations for cyberattacks in recent years. Digital security should be high on the priority list of businesses in terms of crisis management in this pandemic era.
- review IT policies to ensure enhanced level of security measures are implemented, especially in light of increased remote access to the company’s systems under the work-from-home policy;
- have a proper disaster recovery plan in place, and ensure the plan is viable in a work-from-home context;
- review emergency contingency plans and data breach protocols to ensure they can be implemented remotely;
- require employees who use digital means to communicate (in particular with apps like Whatsapp and WeChat) to consider whether such means are secure and appropriate for that particular communication, and whether separate records need to be kept of such communications for evidence purposes; and
- ensure employees at all levels are aware of all of these policies so that any problem that arises can be tackled swiftly to keep any damage to a minimum.
The novel coronavirus pandemic has presented the world with unprecedented threats – stay agile and alert.