Working from home during lockdown has become a necessity for many businesses. Although working remotely means a business can continue to operate, it presents increased security risks for the company and the information in its possession. Below are some tips to help keep personal information safe when working away from the office.
Servers. Secure servers should be used, allowing access only to authorised persons. Ideally, document management systems should be implemented.
Home networks and encryption. Employee wifi connections should be reviewed and password security set at a sufficient standard. Wifi should be of a sufficient speed and quality. Documents should not be saved locally unless approved security measures are in place.
Devices. Where possible, only company provided IT equipment should be used from home. The use of a personal device increases the risk to security, particularly if other people use the device, and will require the implementation of additional security measures. Additional care should be taken to ensure that devices are updated regularly, are not lost or misplaced, are kept out of sight and are not easily accessible to unauthorized persons. Users should be required to log off, lock and store devices carefully when not in use or left unattended.
Passwords. Passwords should be at a sufficient level of complexity and updated frequently. Extra authentication should also be considered.
Documents. Working from home increases the risk that confidential or personal information could become inadvertently disclosed to parties who should not have access to it. It is important that documents only be printed when it is essential and particular care should be taken to store documents securely until they can be disposed of correctly.
Policy management. New or updated policies may need to be implemented to include remote working. These policies may include: how to protect the physical security of personal information when working from home; how to uphold cyber security at home (being more vigilant); and how to make safe use of devices at home. Proper implementation of policies will require regular employee awareness training. Policies will need to be updated regularly in response to current practices and incidents. It is important to keep track of changes in how personal information is processed and to keep staff up-to-date on security requirements.
Training. Now might be a good time to require that employees take online training or refresher training to promote and maintain compliance with data protection standards while working from home.