Home working and COVID-19: how to protect personal data when your team is working from home

The National Cyber Security Centre offers ‘bring your own device’ guidance on setting up policies for staff using their own computers, phones and other devices for work.


• Have a clear policy on backing-up work
  
  If your team aren’t working from a central cloud system that automatically backs up regularly, you need to think about your approach to backing up work. How can you ensure accessibility of data when needed? How often do you want staff to back-up their work? Where do you want them to back-up that work? If staff are sending multiple copies of documents around by email, how will you ensure the most up to date version is retained? How will you protect backed-up data? Make sure your staff are backing up securely using strong passwords, and encryption where possible. This isn’t just a data protection issue but a matter of company interruption. How much work would it be too painful to recover?
  
  Of course, it’s not sufficient to have a policy but you need to make sure you communicate this to your team. Do you just need to remind people of an existing policy? Do you need to update that policy? Or do you need to create a new policy? If this requires something from scratch, just focus on getting the key points across as quickly as possible. You can then take your time to develop a considered approach for the long term.
• Make sure your staff know who to contact if something goes wrong
  
  As with everyday business – and possibly more so with remote working – accidents will happen, systems will be hacked, mistakes will be made. But if someone in your team drops their phone in their mug of coffee, emails something sensitive to the wrong person, or downloads a virus clicking on a bad link, do they know who to contact in your business to report it?
  
  Your team aren’t the only people stuck at home: many criminals are, too. Experts believe more people will turn to cybercrime by attempting fraud and hacking during the Covid-19 lockdown and the National Crime Agency has issued this warning.
  
  Make sure your team know who is responsible for data protection in your business and who to contact if things go wrong. Have you thought about a back-up contact should your privacy manager fall ill?
• Tell staff what you expect of them when home working
  
  Whether your staff are used to home working or are working from home for the first time, make sure they understand the requirement to protect personal data and how they are expected to do so. This includes how to ensure personal data – held in electronic or paper form - isn’t accidently shared with people who shouldn’t see it. It also includes ensuing your team is aware of the heightened risk of cybercrime and what they need to look out for.
  
  To help small businesses protect personal data when their staff are home working, we have created a FREE short training video that explains why security is important and what steps they need to take to ensure your business is complying with data protection legislation during this challenging time.
  
  Share our video with your staff - Protecting personal data when working from home.

About Astrid

Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance small businesses need to become and remain compliant with data protection legislation. Find out more about our app.

Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.