In employment practices, employers collect employees’ personal data for various purposes, such as to provide employee development and engagement programs that target core problems and so produce real results in employees’ overall productivity and performance. Yet employers also bear full responsibility for protecting employees’ data privacy from any misuse, including cyber breaches.
The current COVID-19 crisis, however, has created a perfect opportunity for cybercriminals to steal sensitive data from companies and organisations, including employees’ confidential data. With that in mind, the HR in Asia team sat down for a candid interview with Thomas Matecki, Founder & CEO at Emotional Vector Analytics (EVA), to answer some critical questions on how business leaders, HR leaders, and individuals at large could protect their data privacy from cyberthreats.
While many may think exposing one’s data online is an issue of individuals – it is not. Compromising personal “private” details often leads to more significant problems and potential threats to the business world. Especially in the post-COVID world, the risks are way higher.
While work from home becomes the new normal, it is way more difficult for companies to assert security. The machines are used for personal needs and that itself poses an additional, unnecessary risk. For example, using a personal PC, with both professional and personal emails on it, heightens the risk of phishing attacks. Employees are often unaware of how complicated and risky their activities could be. The modern digital world needs a solution where one is in total control and can predefine the ways and patterns the internet content is delivered. It could work adaptively and support the user in using their data more consciously. At EVA, we are creating such a solution for individuals, including employees and business executives, to get full control of their data online, ushering them to achieve overall wellness and real privacy.
First and foremost, employers should create dedicated departments and teams, as well as introduce procedures in case of such an event. This should be considered more as a prevention rather than reaction. I am a firm believer in educating staff and creating opportunities for people to develop their knowledge and skills in terms of data privacy.
Investing in tools helping people daily to manage their internet usage, defining the safe zones will drastically help control risks. One major thing to remember here is that the USER needs to be in primary control. Creation of a safe and healthy environment requires, above all, trust. Users need this type of encouragement when it comes to their data.
Training, Training, Training and finally: procedures! Kevin Mitnick, the pioneer and probably the first well-known hacker, said words which are still very true: “You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.”
In reality, the weakest point is ALWAYS the human and the human error is always the root cause of any successful attack. Either it is negligence, laziness or lack of experience. Many people tend to ignore the importance of data protection and take it for granted. But in reality DATA PROTECTION should be a major concern and the highest priority for everyone. Companies can help educate employees, not only by giving them required training but also by empowering users to share their experiences. Mitigating the cybersecurity risk should be the most important matter in any company no matter what size.
To be efficient and successful in it, the security and data related exercises cannot be just a list of checkboxes. It requires people with passion and knowledge to talk about it, to inspire others. It takes good storytellers who can connect with the audience and make sure they will benefit from such training sessions. But leaders always need to start with sharing the reason for such training, not just blindly push employees and expect obedience.
The problem is not in the technology itself. There are many talented developers, geniuses in their fields, but the major issue is the actual communication – human to human interactions and commitment to universal values. Such an application/tool might be helpful but needs to be designed with a human-centric approach – keeping users as the top priority, making sure that their data and privacy are safe. This sounds simple but the challenge is to make people collaborate – to work on vision rather than a solution and to foster societal values rather than business strategy.
The United Nations recognised data privacy as a fundamental human right, yet it is abused on a daily basis. Governments are pushing for a solution to tackle the COVID-19 outbreak, but to be successful, we need collaboration with experts: developers to ensure the maximum security and human rights lawyers to guarantee rightfulness. There are ways of building a good solution, but this task requires not only technical expertise but also a humane approach and care for the long-term consequences to society as a whole.
The ideal platform does not exist… yet!! From the corporate point of view, one of the best is bigID, Data Security and Data Privacy focused solely on B2B. However, if we dive into the subject human-centric security. The missing link lies between data privacy (technology) and mental health (humanity).
It might sound cliche, but the most important part is common sense. It is important to understand the risk and be aware that threats online are real. There are some simple habits which can vastly mitigate risk at little cost, like zero-day updates, spam filters engaged, or being cautious with any “too good to be true” sounding emails.
Next, I would strongly recommend some additional education – either videos or books based on personal preferences. There are tons of accessible materials, but the most important ingredient is to remember that it is our responsibility to ensure our privacy. Every individual is responsible for his own action and own health. One may need some support every once in a while, but just as the World is crazy about being fit and healthy, I actively create a new trend of being Digitally Fit and Digitally Healthy, meaning taking good care of one’s digital profile just as for the physical.
I see the future in flying colours. The UN’s recognition of data privacy rights, GDPR legislation, Open Banking initiative and many more indicate that this issue matters. The lockdown and the step increase in internet usage are a perfect catalyst for further changes. While many companies are moving away from regular offices, towards a remote work paradigm, this creates opportunities like never before for groundbreaking changes and innovations in this space. We need a completely new approach to data privacy and security online. We need to make sure that the USER is not only in full control of their own data, but also can benefit from any value their data creates for businesses.
From a global perspective, data phishing and identity thefts happen because there is a demand for digital data. When we create #OpenDataInitiative where we are not only empowering users to assert their rights, but also introducing tools to actively manage their data, overnight the users become interested in it. This democratization of the data market offers a supply of top-quality input, rendering digital crime obsolete.
In addition, the change in the way we create and consume data will disrupt the World. The users will no longer be faceless numbers on spreadsheets, but actual partners to negotiate the content and value of their data. While there are entities safeguarding our finances, I believe we need an institution which protects our digital assets, just like EVA that will improve our lives by giving us our digital freedom back.
About Thomas Matecki:
Matecki is an experienced senior technology manager with over 15 years of experience in initiating and delivering sustained results and effective change for software development across a wide range of industries. He is also a former white-hat hacker and has well over a decade of cybersecurity experience.
Content rights: This exclusive interview content is produced by HR in ASIA. Any redistribution or reproduction of part or all of the contents in this interview is prohibited. You may not, except with our express written permission, distribute or commercially exploit the content.