In March of 2020, the Coronavirus disrupted our everyday life by demanding we all remain in our houses, a grounding the likes of which have not been seen since the infamous sibling spat which sent both of you to your rooms without any tea! Since that first, in hindsight rather optimistic, lockdown, the number of people who have continued to work from home has skyrocketed. Many of us have had the disheartening experience of realising that the self-discipline we hoped we possessed appears not to be as innate after all!
For data practitioners, there is an additional challenge as they attempt to navigate the gargantuan task of safeguarding personal data, and mitigating the risk of data breaches, from home. At DPAS we’ve decided to rise to the challenge presented by Covid, and share some of the advice that we believe will help take your mind off anything even vaguely edible still dwelling in the fridge, and back onto the job at hand!
- Data Protection and Official Organisation Policies
Every employer should produce a defined policy for their employees, covering established procedure for anyone working from home. Data Protection should be embedded as the cornerstone of these policies and procedures, not only to establish a framework which supports employees but to ensure your organisation remains compliant with Data Protection. We would also advise that these policies are made readily accessible to all employees.
- Staff Awareness of official Policies and Procedures
Clarify your expectations!
This will help remind employees of the appropriate guidelines to follow while they are working from home, keeping everyone on the same page. You can spend as long as you like drafting the perfect policies and procedures for your organisation, but if they’re not appropriately communicated to staff, you’re merely shouting into the void!
Employees should be reminded regularly of the policies and procedures to promote standardisation in work production. This will minimise the use of shortcuts and unapproved methods of communication, which have the potential to put personal data at risk.
- Keep Data Secure
Employees should only use approved technology when handling personal data and conducting work-related tasks. Every device that employees use should be fitted with the approved software that has been checked to ensure it is providing the best protection for personal data.
Employees should never send emails through their personal accounts or use unapproved software for different forms of communication.
This may seem obvious but we guarantee that someone will make this mistake!
If employees are using devices that have been issued by their employer, the employer has a duty to ensure that the devices can be securely supported and updated remotely. Furthermore, employers should take preventative measures to ensure that mechanisms and checks are in place to prevent external data breaches from third parties.
- Keep software updated and separate
Employees should ensure that the devices and software they are using are updated regularly to maintain security. This can be done by conducting regular checks on operating systems and software for any potential security concerns. Employers are responsible for providing appropriate anti-virus software for employee use. Employees should be regularly reminded to never open unverified links or attachments (a tip we encourage you to utilise in your personal life as well!).
- Filing systems and storage
We’ve all heard the phrase, you shouldn’t… you know, where you work, right? Well, in this case, you shouldn’t store personal data in the same place you store your work data. Employers should create and implement protocols on the management of the organisation’s data by ensuring that the device owner’s data and the organisation’s data are kept separate.
Staff should be reminded not to move the organisation’s data into their personal storage or onto separate personally owned devices.
All staff should follow the organisation’s policies to safely process printouts. We also recommend that all work-related paper and devices should be locked away at the end of the working day if possible. This will allow staff to detach and unwind from work, an important practice when working in your home – oh and it’s also a pretty good pre-emptive measure against loss or theft of personal data!
- Layers of security
We all live and work in a world increasingly dictated by ever-evolving technology. While this means it’s never been easier to connect with each other, it also means it’s never been easier for someone to gain unauthorised, remote access to your accounts and devices, necessitating vigilance when it comes to password security. The National Cyber Security Centre recommends that everyone should use a ‘three-word passphrase’ instead of a password as part of their #thinkrandom campaign, and we couldn’t agree more! We would also recommend using different passwords for different accounts; if one of your accounts is compromised, the breach will likely remain contained to that account only.
There are additional measures which can be taken to improve cyber security:
- Implementing multi-factor authentication to support password security.
- Encrypting documentation with passwords and sending the password via another method.
- Using encrypted email providers, such as Egress.
- Have you got the tools you need to work effectively from home?
It is a legal requirement for all employers to supply their employees with all the resources they need to work. It would be naive, as an employer, to assume that your colleagues have the same resources at home that they did in the office, e.g. additional monitors, keyboards, mice; the list goes on!
If staff are not equipped with appropriate resources, all kinds of scary things can happen: poor productivity, data breaches, deviation away from compliant practices... it’s enough to give any data practitioner nightmares! It is essential that every employee conducts a Display Screen Equipment (DSE) assessment for their home office.
Effective, secure communication is a vital part of an organisation’s efficiency. One of the best ways to maintain competent communication, and help employees to safely share data, is by utilising approved secure messaging apps and online document sharing systems.
Working from home can be very isolating; supporting your staff’s mental health is just as important as providing them with the physical tools needed to continue working from home.
Consider having a group chat with each team where everyone can touch base with each other at the start and end of each day. This group chat can be used to ensure everyone’s wellbeing and to distribute the workload appropriately.
(You may want to check that the Wi-Fi connection you are using is secure and password protected).
- Define and establish boundaries
Whilst dependent on an individual’s living arrangement, dedicated office spaces are heavily recommended for anyone working from home. We’re all guilty of taking our work home with us from time to time, but when you’re living and working in the same space, separation between the two worlds will benefit your mental health immeasurably.
An acceptable work environment should be defined in your organisation’s official working from home policies and procedures. Encouraging employees to create a defined work environment will also help to ensure that any personal data processed from their homes are not accessible to anyone else who may live there. Employees should be reminded to always maintain confidentiality.
- Consider staff wellbeing
Many data breaches occur when staff are distracted, stressed or when time pressures result in deviation from established procedures. Everyone should be encouraged to take regular breaks; we’re all only human beings after all!
Employers should encourage their staff to take quick walks outside, or ten-minute tea breaks, to break up long periods of work.
Staff should break up tasks into manageable chunks where they can completely focus on each task and not get distracted by other pieces of work.
Additional points to consider
- To protect your wellbeing, consider turning off your work-related notifications from your laptop or mobile phone when you are no longer on the clock. This can be especially important if you use the same devices for both professional and personal purposes.
- Check if your employer offers discounts on eye tests before you book your eye test (your eye test may be covered under occupational health).
- The government’s Health and Safety Executive offers a free template on how to conduct a DSE assessment (https://www.hse.gov.uk/pubns/ck1.pdf).
- Multi-factor authentication is key to improving access control and strengthening cyber security by mitigating the risk of unauthorised access by individuals.
Far from an exhaustive list of things to consider when working from home, we hope this guide has provided some basic checkpoints to help you get started!
For further information on how we can help improve your data strategy and compliance within your organisation, feel free to contact the DPAS team on 0203 301 3384, or email us at firstname.lastname@example.org, for a no-obligation chat to see if we can lighten the load for you!