The Covid-19 pandemic made it imperative for organisations to conduct business remotely in order to stay competitive during the UK lockdown. Many have adjusted quickly, changing the way they deliver services, connect and communicate with employees in their new working from home (WFH) environment. HR policies may have been changed to allow for WFH but have data protection policies been considered? If not, they should be to help prevent the misuse of data and breaches.
Below are four data protection tips to consider and potentially add to your current policies to help secure the WFH environment and prevent breaches.
1. Stay alert to data breaches when working from home
It is important to remind your employees about the importance of maintaining high data protection standards whilst working from home and to understand the importance of reporting any data breaches immediately. Your escalation processes need to be reviewed. If perchance, there is no escalation process for data breaches; one must be implemented immediately.
Data breaches are more likely to be on the increase as more employees are working from home. The work environment might be informal and have distractions of family and social media. These distractions may result in emails being sent in error or even worse the clicking of a link in a malicious email.
2. Create new policies for new working environments
Due to the new working environments; employees need to be reminded to comply with security measures and maintain confidentiality; regardless. Security measures need to be reviewed to ensure their suitability.
New working environments introduce changes in how we use technology to connect and share files with video conferencing. Using this technology could result in video capturing information unexpectedly and conversations being overheard, screens being viewed and virtual meetings hacked. This means personal information is unintentionally shared with people outside the business. Some measures to help secure work environments could include urging employees to update passwords, prompting them to lock screens and requiring the use of shredders for disposal for hard copy disposal or locking documents away safely.
3. Be mindful of personal devices
Extra thought needs to be given on the level of flexibility for the use of personal devices in the home workspace.
Internet of things devices, like ALEXA, that may be turned on during office hours could record conversations. You should determine what the security policy will be for personal IoT devices. Should they be turned off or entirely removed from the workspace?
4. Consider individuals’ rights when reporting sickness
There is a matter of proportionality here as there are no legal reporting requirements for employers about COVID-19 virus cases. A balance needs to be made between the provision of information in the interest of the public and the protection of the individuals’ rights by collecting only the necessary information. Processes must be managed confidentially and officially by HR and policies updated to cover quarantine, self-isolation and lockdown restrictions.
We hope you find these tips useful. Risk Crew also offers complimentary WFH courses that are available at no cost. We simply want to help minimise home cyber security risks for organisations and their staff. Learn more about our eLearning courses.