Working from home is the new norm in the new world, businesses need to prepare themselves for long term change. Allowing staff to work remotely can bring benefits but also generates new data and new risks at the same time. Businesses can help protect themselves by following basic guidance and by following data protection principles:
- Put clear policies and procedures in place for staff who are working from home. There should be clear guidelines around accessing, handling, and disposing of personal data.
- Ensure you install the most up to date version of your remote access solution before allowing people to work from home.
- Train staff in how to choose a unique and complex password and provide multi-factor authentication if possible.
- Provide staff with company-issued devices to work on at home if you can – it is the most secure solution. Ensure they can be supported and updated remotely.
- If staff need to use their own devices at home, put corporate cloud solutions in place – these will help prevent staff using their own personal storage or messaging services. This storage should not be accessible without a password.
- Ensure that the device owner’s data and that of your organization are kept separate. It should not be possible to move the organization’s data into personal storage, for instance.
- Only give individual members of staff access to the areas they need to do their job. Not everybody needs access to everything.
- Put account lockouts in place which disable accounts after several failed log-ins.
- Try to avoid allowing staff to work remotely on their own device without any of the above measures in place. It is the least secure option. Security risks arise because devices often contain out of date software and are shared between family members. Data is unlikely to be encrypted and can be easily moved to external storage.
- Ensure staff are trained in how to spot phishing attacks on email – and remind them to use the corporate account and not their own personal email account for work emails.
Read our full whitepaper ‘Data privacy in a pandemic: The challenge for business‘.