The coronavirus pandemic has had a serious effect on companies across the globe and with a third of the world in lockdown now, thousands of businesses have shifted much of their workers to remote jobs. Although working from home enables a company to continue to function, it poses major security risks, making it more important to ensure compliance with the applicable data protection requirements.
Maintaining the protection of company data is the responsibility of both employer and employee and it is important at this time to continue to implement adequate security measures. Below are a few key points to keep data safe for workers and companies while operating remotely.
What is data?
In May 2018, the General Data Protection Regulations (GDPR) came into force. The UK has adopted the Data Protection Act 2018 as a reaction to the European legislation. The Office of the Information Commissioner describes Personal Data as “any information concerning an identifiable person which can be identified directly or indirectly, in particular by reference to an identifier.” These personal identifiers may include information such as the name of an entity, identification number, location data or information online.
The Office of the Information Commissioner has said they recognise that in the midst of the Coronavirus pandemic, finance or people will be diverted from the normal work of enforcement or governance of information. Although we will all take some time to adjust to our new ways of operating, it ‘s important that we protect our customers ‘ data and all we keep personal data for.
Data Protection
Whenever an organisation creates a new way of accessing its data, it puts that data at greater risk. Organisations should address vulnerabilities to its networks and the physical storage of data. Therefore, most remote workers will have to move data (or devices that can access that data) into public spaces.
While it is impossible to avoid mislaying personal data (there is not much that a company can do other than to develop stringent policies on data protection), there are ways to minimise the damage once the data is breached. Here are some of our top tips…
1. Keep mobile devices and laptops safe
If inadequate security measures are in place, missing and stolen mobile devices and laptops are easy picking for cybercriminals. The first line of defence is to look after them-keep them always in sight while they are in use and never leave them in a car.
2. Ensure all security protection is up to date
Employees who work from home may have security software installed at a device level, however, it is imperative that this and device encryption, firewalls and web filtering is too. Business owners offering employees to work from home should provide devices that meet this criterion or check other devices used are meeting the requirements.
3. Passwords
Strong passwords protect business processes when a computer is lost or stolen. Often, they defend businesses from cybercrime. Good password protection and best practices involve multi-character passwords, two-factor authentication, and passwords that are not reused.
4. Email Encryption
Encryption and efficient corporate email control is a must. There’s a position for both the organisation and the employee. Making sure the network is safe using systems like Mimecast is important, but workers do need to be aware of best practise in email. This includes spotting spam emails, which data should not be sent via email or attachments.
5. Removable Devices
USBs and other removable devices can contain malware, and must first be tested. Many free or collected USBs from an event may be tainted, even unknown to those who supply them. Never plug an unknown USB into a device, or share it. To share knowledge using facilities such as Sharepoint.
6. Personal Data
If personal data needs to be taken back home, make sure it is in a lockable storage unit. Leave no documents in a car or lie in the house, it must be safely locked away at all times. If in doubt, you can always seek the advice of your organisation’s Data Protection Officer.