Secure working from home
Rather unsurprisingly we’ve written a few articles recently about options available for businesses whose people are working from home. We’ve covered areas such as the way in which virtual switchboards can help to manage call flow. We’ve looked at conference calls; both as a replacement for office meetings and as a way to help employees to feel a little less isolated.
We’ve also covered areas such as the use of bulk SMS texting and the deployment of emergency information lines as a means of updating employees, customers and others. All of these could be seen as standard elements within a business continuity planning package which looks towards meeting key communication and information targets.
But there is another consideration for businesses whose people are working from home, particularly when so many are working from home for the first time. That is the requirement to consider security of data. It can be so tempting, particularly when broadband speeds are poor, to just download a file and work on it offline. Or perhaps, if distractions from other family members who also at home have led to it being unfinished, why not just email yourself a file to work on in the evening?
In effect, however, actions such as these potentially drive a coach and horses through GDPR (General Data Protection Regulation) guidelines. Whilst GDPR regulations do state that measures taken should be appropriate to the nature and type of business and the data held, transferring data away from the secure confines of business systems is exposing data to greater levels of risk.
This therefore could be good time to remind all employees of the part which they have to play in delivering data security. It also might be worth organisations considering whether they should work with their IT specialists with a view to perhaps restricting access to certain files to named individuals or blocking the transfer of data away from the organisation.
Another area worthy of consideration is the level of security which your employees have on their home devices. It’s all very well setting a secure login, but if that login is dependent on home broadband or portable Wi-Fi devices then it’s probably worth checking that those devices aren’t still operating with the default password that they came with. ‘1234’ or ‘password’ might be easy to remember but they are also easy to hack. Remember, whilst data protection law doesn’t prevent people from using home devices, the ICO (Information Commissioner’s Office) says that businesses will “need to consider the same kind of security measures for homeworking that you’d use in normal circumstances.”
Finally, when you’re working with your people on boosting GDPR security it is also worth adding some training on thwarting phishing attacks. When you’re not in the same office as your team leader it might not be as easy to check that email requesting a release of funds or to click on a ‘vital download.’ But the watchword here should be to be suspicious and to pick up the phone and verify the request. The ICO website has set up an information hub for those looking to be data secure at this time including how to stay one step ahead of the scammers.