Loyola University Chicago School of Law, JD 2023
Remote work was something once looked at as a gift, a day to work at home in your sweatpants on your couch. But now, some are stuck working from home until further notice or maybe even until they retire. This new method of work has made it much harder for businesses to keep the information of their workers and customers safe despite additional avenues of technology being used to work from home. An average employee may never think about the challenges associated with data security, but it is important to shed some light on this subject so that more people understand its importance. It is also important to understand why the lack of data security laws in the US could be so detrimental to any company doing work here. Company and consumer information is more vulnerable than ever with people working from home all over the country and without comprehensive data security regulations in the US, there is no end in sight.
Privacy and data security
The work from home mandates put in place for employees across the world required many of them to work from their personal computers on their home networks. Although they are often insufficient, this meant there was no access to the data security programs installed on office computers to keep that data secure. Since the transition to working from home, data has been more susceptible than ever before because of the lack of regulations in place to protect it. Some compliance experts have argued that GDPR is the perfect solution to solve these data security issues.
GDPR is the European Union’s version of comprehensive data protection regulations. The guidelines require that organizations doing business there maintain data protection practices that address emerging privacy and security risks. Additionally, it gives people rights to their data, including to access and delete it when they choose. These regulations hold the companies accountable for protection of the mass amounts of data they obtain as well as make sure that companies protect that data from falling into the hands of attackers.
Unfortunately, the US doesn’t have its own comprehensive data security regulation like GDPR, leaving many companies to take matters into their own hands at the beginning of work from home requirements. This created an array of data protection policies without much guidance. GDPR’s data protection guidelines made the transition much more manageable when it came to data privacy in the countries that had already implemented it. Many companies in the US still do not have proper policies in place to protect their data and in many cases, they won’t put protections in place until it is too late. This is a result of both the cost of implementing data privacy policies and the sparse state regulation in place. The US should take action immediately to implement its own comprehensive data privacy regulations to force companies to take actions to protect their data and avoid confusion with different state programs. The shift to many new employees working from home may be just what the US needs to jump start the conversation.
But how bad could it be?
Since more people started working from home in early 2020, there have been many more hacking attempts on remote workers. An article by the Guardian stated that the proportion of attacks targeting home workers increased from twelve percent before lockdown to sixty percent just six weeks after it began. Probably the most well-known and commonly seen attack on remote workers is what is now known as “Zoom bombing” where an attacker will enter a Zoom meeting taking place and attempt to steal information. To prevent this, many companies and schools now require participants to enter a password to access the meeting. As we can see from what happened with Zoom, companies waited for a security issue to arise before taking action to prevent it. The fast switch to working from home created a lot of opportunities for hackers to take advantage of the vulnerability of workers without warning.
Cybersecurity has also never had sufficient attention in the US, but the fast change to remote work has slowly made people realize the need for data protection and privacy. Another article called the events of 2020 a cyber pandemic along with the COVID-19 pandemic. It goes on to say that the pandemic created the perfect storm for cyber-attacks, and it was easy for hackers to obtain information because cybersecurity was not at the front of most people’s minds before 2020. It used to only be the responsibility of IT employees to keep track of data security, and no one knew what hit them when cyber-attacks became more popular in 2020.
This pandemic has taught us many lessons, but in the area of data privacy it has taught us that now more than ever we need regulations in place to protect consumer and company data. It is clear that for some people, remote working may never be going away, at least not fully, so it is important that everyone is taught the importance of data security.