With the current challenges we are facing, brought about Coronavirus, Covid-19, working from home is now mainstream. But, what does this mean to your data security, GDPR and do you have a working from home policy in place that all staff can understand?
Options for businesses when home working
A working from home policy allows you to guide staff that would normally work from home about how they would process data. Working from home and GDPR presents many challenges for a business. The problem of children and other distractions are not the only challenge during the Covid-19 pandemic for workers, but security is a concern too.
If a member of staff does not have a company computer or tablet, does a business buy IT equipment or allow the use of home computers? The former is the best solution but given the speed at which the Covid-19 crisis accelerated, there may not have been time. Cost is also a key factor for businesses. Any spend of this type won’t have not been planned. Businesses may be unwilling to spend money with financial futures being uncertain.
Use of Home Machines
The alternative however, is a bigger issue. Most home computing devices are often shared machines. Whether it is the children doing homework, family members shopping or anyone checking email, such devices are shared. Therefore, security on these machines is often way short of the levels required by business. There is often no control over web sites visited and content or applications downloaded. All this adds up to a machine being vulnerable to attack.
The use of passwords on home machines is sporadic, if at all. Where passwords are used, they are often simple or written down for all to see. The user experience is more important than security. Anti-virus is common but not always up to date.
The key GDPR element is document storage. If an employee is to use their own machine, data must not be saved to local drives or USB storage devices. Failure to observe this most basic of policies creates an additional data source which business has no access to and no control over. Auditing this data is almost impossible. If other family members can access it and read it, then a data breach could occur.
When working from home, VPN technology can be used for access the the corporate network but, if the home machine is already infected, this could leave a pathway open to a potential cyber criminal. Efforts have to me made to ensure the machine to be used has suitable security.
Staff must be reminded that the practices they use in the office, on company machines, does not apply at home. The same security they enjoy but often know little, about, may not exist at home. Care should also be taken with printed documents as will ‘can go missing’, if only required for use with crayons!
We can provide a working from home policy for you that will help guide your team. This will help prevent mistakes that could lead to a data breach. With all that is going on right now, it is the last thing a business needs. We can also provide online training both one to one or, one to multiple staff members to help reinforce the message that care must be taken when working from home.
Don’t let Covid-19 home working create a GDPR problem for you.
Call us today on 03333 22 1011 or via email info@thegdprcc.co.uk or contact us here and let us help.
0 Comments