The novel coronavirus pandemic has undeniably disrupted the way people do business around the world. In January 2020, the Hong Kong SAR government announced work-from-home arrangements for civil servants (with emergency and essential service exceptions). Private sector organisations soon enforced similar work-from-home and flexible hour practices to minimise social contact. The government has announced quarantine measures for travellers to avoid spreading of the virus. In a place like Hong Kong where people are generally familiar with the use of advanced digital technology, most businesses are able to continue operations in an uninterrupted manner. Without being physically in the office, employees can still get their job done efficiently: edit documents, exchange information, and confirm orders through remote access to the company’s IT infrastructure, personal computers, mobile devices, instant messaging, and digital audio and video conferencing.
Data and confidentiality protection
In this new mode of work, businesses are facing a challenge to maintain a high level of data and confidentiality protection. Employees who work from home may possibly transfer data, which may include sensitive and confidential business data or trade secrets, using unsecured devices. The flexible workplace policy aggravates the problem when people are required to get the job done using alternative or innovative ways without physical presence or contact. In this respect, businesses are reminded that:
|Companies should not forget the importance of maintaining confidentiality of sensitive business information. It is particularly the case if companies have given legally-binding undertakings to other parties to keep certain information confidential. It is not untypical that a confidentiality agreement or undertaking requires the company to disclose confidential information to its employees only on a “need-to-know basis”. The company may also be obliged to require its employees to keep the information confidential. A work-from-home setting may compromise the company’s ability to uphold protection of confidentiality. Companies should remind employees of their legal obligations and the need to refrain from circulating confidential information outside of the company’s VPN. Companies should formulate a policy to regulate sensitive data flow in a work-from-home environment, and restrict employees from sharing work stations or passwords.
With social distancing being the principal method for combating the virus worldwide, businesses have become more dependent on digital infrastructures and tools. The devastating result of a cyberattack would be unimaginable. Hackers may attempt to take advantage of this challenging time by sending phishing emails with health related topics like “last chance to buy cheap surgical masks” or “coronavirus vaccine” to bait people to click on links embedded with malicious malware. This could have disastrous results including possible damage to IT infrastructure, sensitive data exfiltration or malware infection. Hong Kong has been ranked as one of the top global destinations for cyberattacks in recent years. Digital security should be high on the priority list of businesses in terms of crisis management in this pandemic era.
The novel coronavirus pandemic has presented the world with unprecedented threats – stay agile and alert.