Home working and COVID-19: how to protect personal data when your team is working from home
You and your team may normally work in the office so how can you protect personal data when your team is home working during the Coronavirus outbreak?
So many of us are working from home at the moment – for businesses who can keep working this is now an essential way of carrying on but along with great flexibility, home working brings new risks. We identify some handy tips on making sure that your team keeps using personal data safely while they are accessing it from home. Who knows – your team might end up home working more often in the future so getting this right now will set your company up well for the future.
Understand the risks from home working for your business
Every business is different and so is the personal data they process. Only your business will understand any additional risks to that data from you and your team working remotely. Are staff working from work laptops and phones or their own devices? Are those devices up to date with malware protection and are they encrypted? Can your team access the personal data they need? Can they access personal data they shouldn’t have access to? By understanding the risks, you can then put policies and guidance in place to mitigate against these. For example, you might need to restrict access to sensitive data for those working from their home devices. You might need employees to use a Virtual Private Network to protect data in transit.
The National Cyber Security Centre offers ‘bring your own device’ guidance on setting up policies for staff using their own computers, phones and other devices for work.
Have a clear policy on backing-up work
If your team aren’t working from a central cloud system that automatically backs up regularly, you need to think about your approach to backing up work. How can you ensure accessibility of data when needed? How often do you want staff to back-up their work? Where do you want them to back-up that work? If staff are sending multiple copies of documents around by email, how will you ensure the most up to date version is retained? How will you protect backed-up data? Make sure your staff are backing up securely using strong passwords, and encryption where possible. This isn’t just a data protection issue but a matter of company interruption. How much work would it be too painful to recover?
Of course, it’s not sufficient to have a policy but you need to make sure you communicate this to your team. Do you just need to remind people of an existing policy? Do you need to update that policy? Or do you need to create a new policy? If this requires something from scratch, just focus on getting the key points across as quickly as possible. You can then take your time to develop a considered approach for the long term.
Make sure your staff know who to contact if something goes wrong
As with everyday business – and possibly more so with remote working – accidents will happen, systems will be hacked, mistakes will be made. But if someone in your team drops their phone in their mug of coffee, emails something sensitive to the wrong person, or downloads a virus clicking on a bad link, do they know who to contact in your business to report it?
Your team aren’t the only people stuck at home: many criminals are, too. Experts believe more people will turn to cybercrime by attempting fraud and hacking during the Covid-19 lockdown and the National Crime Agency has issued this warning.
Make sure your team know who is responsible for data protection in your business and who to contact if things go wrong. Have you thought about a back-up contact should your privacy manager fall ill?
Tell staff what you expect of them when home working
Whether your staff are used to home working or are working from home for the first time, make sure they understand the requirement to protect personal data and how they are expected to do so. This includes how to ensure personal data – held in electronic or paper form - isn’t accidently shared with people who shouldn’t see it. It also includes ensuing your team is aware of the heightened risk of cybercrime and what they need to look out for.
To help small businesses protect personal data when their staff are home working, we have created a FREE short training video that explains why security is important and what steps they need to take to ensure your business is complying with data protection legislation during this challenging time.
Share our video with your staff - Protecting personal data when working from home.
Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance small businesses need to become and remain compliant with data protection legislation. Find out more about our app. Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.
Protect your business - become and remain GDPR compliant with Astrid