Working from home has become a common occurrence for most people due to Covid-19. Even with lockdown easing, many individuals and companies and continuing to conduct as much work as possible with their team working from home.
This new way of working has lead to some confusion about what companies and their employees need to be doing to ensure data protection.
To help you out we have created the following guide to assist both the employers and employees.
Nachos Guide to Home Working and Data Protection for Employers
As an employer, you must ensure that your company/business has clear policies and procedures for how data should be recorded, managed and protected within the business.
Due to GDPR, many businesses already have these policies and procedures, however, they may need to be updated to better suit remote working.
Updates needed include:
- Reminding employees to use the most up to date version of any remote access solutions issued to them, this ensures that they have the latest security updates.
- Reminding employees to use unique and complex passwords. As a business, you could provide a remote password CRM for them to use or highlight the security need for any passwords they have to be kept safe – no writing them on notice boards in their home, at the back of work diaries, or even under the stapler.
- Introducing multi-factor authentication where possible. This is where a unique password is required but there is also a secondary confirmation sent to either their email address or a registered mobile phone.
- Changing the username for commonly known login screens such as your WordPress login page or even social media accounts.
Instead of using admin@ for a username, request that this username is a random email address such as officedog’snamehere@. This will ensure that hackers targeting remote workers are much less likely to gain access as they need to work out the username and the password used. Naturally, this email address should exist in real life and redirect any emails to the relevant email address such as admin@.
- Discourage the use of personal email addresses and accounts full stop. Even for accessing tools such as Zoom or Skype.
Common sense and knowing your employees will help you find the right fit for you and your company.
Nachos Guide to Home Working and Data Protection for Employees
Whilst employees should be directed by their employers when it comes to data protection, employees as individuals do have a responsibility to do their absolute best to protect any data that they handle.
Below are a few recommendations for employees to follow.
- Ensure that you are following your company’s policy and procedures when handling data.
- Ensure that you are using approved technology. If you are unsure then contact your line manager or relevant individual within your organisation to check.
- As hard as it is when working from home, consider who can hear your conversations. Try to avoid discussing personal information on a balcony or garden for others to hear.
- Consider your paper trail. If you print data out to make it easier for you to analyse then ensure that the information is kept safe whilst in use. Once it is no longer needed then ensure that the print out of the data is destroyed, a home shredder is ideal in this situation for most data print outs. It may be worth speaking to your line manager to see if they will purchase one for your use if your home working is likely to continue for the foreseeable future.
- Keep personal and business separate. Don’t use your personal email addresses or accounts for business use and vice versa. Not only does this help you keep your personal life separate from your work life, allowing you to switch off easier when working from home, but it also ensures that work data is kept safe.
- If you can lock work away, then do so. Whilst we don’t all have access to a separate home office, or indeed we are sharing these areas with partners who are also working from home or even kids that you are homeschooling. If you can lock work laptop, devices and any print outs away when not in use then this is ideal.
- Keep your password secure – do not write them in a notebook, clip them to a noticeboard or leave loose around your home. Keep all your password secure just as you would keep your online banking details safe. If you are storing your online banking details like this then perhaps its time to consider protecting your own data as well.
- If you are video conferencing via Zoom, Skype or any other devices then consider your background. If you have notes hanging on a notice board behind you then ensure they are removed so they do not appear in your video conference.
This also applies to any photos that you take and share on Instagram etc. whilst at home, ensure that no company information or data is included in the photo.
We are all muddling through this time and trying to do the best under the current circumstances. If you are unsure as to what you should be doing to protect work data used whilst working from home, then contact your employer and clarify things with them.
All comments regarding Coronavirus (Covid-19) and restrictions on business operating in the UK are correct at the time the blog was posted. Please refer to current restrictions in your area to guide you in your response to Coronavirus.
Published: 22nd Jun 2020