A person with a hood on his head sits in front of a laptop. The background is black.

Home Office Checklist - Corona crisis becomes surveillance scandal 2.0

The corona crisis has stirred up many minds. Many entrepreneurs are interested in a quick solution and forget the daily dangers of digital data processing. People's privacy is sometimes trampled underfoot. Edward Snowden recently spoke about this personally. The whistleblower warns against surveillance measures introduced in the wake of the corona virus, which could lead to this regulation being permanently incorporated into legislation. Our checklist will help you choose digital tools safely

After the advantages of home office became clear, one should still not rush anything.

Because even if the whole world feels that it is necessary to slow down the spread of the corona virus, there are unfortunately people, organizations and even authorities and companies who take advantage of this situation.

The corona crisis has stirred up many minds. Many entrepreneurs are interested in a quick solution, forgetting the daily dangers of digital data processing that existed before the corona virus. People's privacy is sometimes trampled underfoot.

Corona crisis gives authorities reason to monitor

Edward Snowden recently spoke personally about the Corona crisis. The whistleblower warns against surveillance measures introduced in the wake of the corona virus, which could lead to this regulation being adopted permanently in legislation.)

I personally found Edward Snowden's interview on the current corona crisis very exciting.

In this context, I do not wish to offend any company and will deliberately refrain from mentioning names. But I would like to take this opportunity to ask you to critically examine the situation and reports!

Natürlich wird aktuell kein Unternehmen zugeben, dass sie Kundendaten an Behörden oder Dritte weitergeben werden. Die Unternehmen und Behörden selbst haben aus der „Snowden-Affaire“ gelernt, agieren vorsichtiger und wissen ganz genau, dass die Menschen eine solche Meldung beunruhigen würde und vielleicht sogar zu einem Aufstand führen würde. In einer solchen Situation kann es sich niemand leisten. Deswegen spielt sich alles im Hintergrund ab – ohne das jemand etwas davon mitkriegt.

And who thinks, "Oh, no one in Germany will take part." - is wrong.

"In the fight against the further spread of the corona virus, Deutsche Telekom, for example, is already supplying anonymous location data of millions of German mobile phone users to the Robert Koch Institute.” (Jörn Brien 27.03.2020: „Keine Überwachung geplant: EU einigt sich mit Telekom-Riesen über Handydaten-Weitergabe, yeebase media GmbH)

All right, now some people are thinking "It's "just" metadata." Then go one step further in the direction of practice.

Which tools do you currently use in your company?

Many tools for video meetings or telephone conferences have American third party processors, and the "Big Five" are also listed frequently. How do I know that? Because we ourselves were recently looking for a secure video and telephone system. The same applies to various team chats - and just think what sensitive information can be quickly forwarded in a team chat. And then finally we come to our favourite topic - cloud storage and customer databases. In my opinion, this is where the risk potential is at its highest. Where else do you store your sensitive data if not in the cloud?

At this point I would like to emphasize that even if many providers advertise on their website with "Made in Germany" and "Maximum data protection", in many cases this is not 100% true. A quick look at the order processing contract and technical-organizational measures is usually sufficient.

You should pay special attention to free offers, because they are usually not really free of charge. Rather, there is a "currency exchange" behind them, where you do not pay for your products with money, but with your data. This way you are no longer a customer but the product - how else can providers of such services afford such offers economically? How often do you hear in the media "Company XY" sells data to ... .". Also recently, the media reported that a popular video meeting tool that many use in the business environment is reselling your data to a major American corporation. How much would your data be worth? Unfortunately, data monetization is "normal everyday life" for large corporations these days.

Hands typing on a laptop keyboard are seen. Above the image is a security lock in a networked circle

Are we ready for home work?

Many companies are currently in the process of sending their employees to the home office - without first checking their working environment.

Many home computers do not have sufficient or up-to-date anti-virus protection and are already "contaminated" without the owners knowing it.

Even digital tools designed to facilitate communication and work in the home office are selected too quickly - without the data protection officer first looking into the subcontracting relationships or the contract processing agreement. However, data protection is also an important issue in the home office. Even more so than in the (hopefully) protected office environment.

An example: Many parents are currently working from home and at the same time looking after their children - hats off! This is not easy in most cases. But what would happen if an employee went to the toilet for a short time - without prior data backup and screen lock and the unneeded child then gains access to the PC or laptop. Data is deleted, sent or moved too quickly. Would this have consequences for your company? Do you have a backup of data in case data is accidentally deleted?

There are many things to consider in such a situation.

Hackers exploit corona crisis - "Cyber-Corona"

The fear and insecurity of the population is shamelessly exploited by cyber criminals. Sites that collect information about the COVID-19 development have malicious software on them. Cyber criminals equip sites with spy software to monitor the users. Emails with information about the Corona crisis are also provided with malware, whereby users unknowingly download malware.

In such attacks, covert screenshots, video and audio recordings are made via connected cameras and microphones. It is not even visible to the user whether the device is switched on, e.g. flashing lights on cameras.

Such attacks give hackers access to sensitive information and data. This includes not only holiday photos, but also e-mails, passwords, chat content, financial and payment data.

I would like to remind you at this point that with such data not only identities can be stolen, but companies could also suffer economic consequences. For example, what if customer data or chat histories could suddenly be publicly available on the Internet.

Therefore always - especially now - be aware of what you click and download on the Internet or in emails, so that you do not get infected with "cyber corona". Because such "traps" can also be behind free webinars, e-books or "Corona special offers".

A man sits in front of his laptop and look thoughtfully towards the window

Home Office Checklist for a safe working environment

This checklist does not claim to be exhaustive, but it does show what we consider to be the most important questions that employers should ask themselves before blindly rushing themselves and their employees into the home office.

Are my employees allowed to work in the home office?

  • Are personal data of customers processed at home?
  • Check regulations in contract processing agreements
  • prepare any necessary measures and obtain consent
  • adapt technical-organizational measures if necessary

What digital tools do we need?

  • Telephone system
  • Video conference
  • team chat
  • Project Management Tool
  • Cloud storage for secure data exchange
  • Calendar
  • Time recording
  • Password Manager

What are our demands on these tools?

  • Server location Germany
  • Client side encryption
  • zero-knowledge principle
  • Use of Open Source Software
  • No subcontracting outside Germany
  • German Support
  • Flexible contract terms and rates
  • Special features

Are the employee workstations at home ready?

  • Equipment: work equipment, headset, webcam
  • Current updates and operating systems
  • Stable internet connection
  • Existing antivirus software/ firewall
  • Lockable rooms

Next step: Prepare your virtual team

Once the framework conditions have been clarified, nothing can really go wrong. But what about the implementation?

For many employees and managers it is an interesting situation, but one that takes some getting used to. Do all colleagues know how work is done? Who is responsible for what? Do their colleagues get along with the tools? Does everyone know how and when to work with the tools?

Here the old principle "communication is everything" clearly applies. It is essential that you discuss with your employees beforehand what you are planning and what difficulties may arise. Take away any fears of not understanding the technology in advance by assuring your employees that you also have to get used to everything first and that you yourself are no professional. Nothing hampers productivity more than employees who spend hours "trying out" because they don't dare to ask!

In this sense: Have courage and enjoy your work!

Author: Nicole Smuga

--

Sources:
"Jörn Brien (27.03.2020): Edward Snowden: Jetzt errichtete Überwachung wird Corona-Krise überdauern."
"Sabina Wolf (19.03.2020): Coronavirus: Hacker nutzen Pandemie für Angriffe aus. Bayerischer Rundfunk."
"Michael Schäfer (27.3.2020): Videokonferenz-App: Zoom soll heimlich Daten an Facebook übermitteln. ComputerBase GmbH."

Coronavirus 5 point plan from luckycloud
-Home Office secure and successful implementation

Part 1:
The fastest and safest way to the home office
– - Corona-Home Office Guide from luckycloud and the advantages of working from home

Part 2:
Corona crisis becomes surveillance affair 2.0
-Data protection checklist for digital tools

Part 3:
Working from home without loss of control
-Leading virtual teams digitally, independent of location
Part 4:
In 3 steps set up cloud storage in your home office with luckycloud
-Secure cloud storage from Germany for your home
Part 5:
Using cloud storage in the home office
- Exchange data securely and easily in a team with luckycloud

You might also be interested in