2nd April 2020
With the UK in lockdown, the recommendation is that as many people as possible should work from home and already a large number of employees have set up a homeworking space. However, what are the implications? Is it just a matter of redirecting post and phones and then asking your IT provider to enable remote connections to the central server for all your home workers?
Well certainly remote dial in is more secure than sharing files by email but there are a number of other security considerations for businesses whose people are working remotely including GDPR requirements and business security. Let us look at some of the key issues starting with:
The equipment and technology. It is important to make sure that staff that are expected to continue working from home or a remote location have the right equipment and technology to carry out their tasks effectively. There are some basic questions that need to be asked to ensure that they can operate with minimal disruption to the overall business.
Many people are not familiar with working from home and will need supporting to work safely and effectively.
GDPR. The General Data Protection Regulations are designed to protect the data privacy rights of individuals. You may think you have adequate systems in place whilst in the office environment, but are these protections equally strong when individuals are working from other premises?
It can be so easy for people to think they will just transfer a file onto their home laptop to work on out of hours or to enable them to work quicker if their home broadband connection is slow. The intention might be good but it drives a coach and horses through GDPR regulations. So now is the time to remind all of your people of their GDPR obligations as well as working with your IT provider to set up a system whereby files cannot be copied or transferred away from the central server.
Data security. The use of a Virtual Private Network (VPN) can also help to provide extra levels of data security but it is not the sole solution. When working from home your people may be reliant on an open home group or unsecured public network, neither of which are ideal when it comes to data security.
The south-west cyber protection unit from Devon and Somerset police recommend that individuals take steps to secure their home network or tether to a 3G/4G connection point such as a mobile phone. There is also a recommendation that individuals reset their home security passwords, including those on their routers, as many of them still carry the default admin password rendering them vulnerable to attack. In any event, it may pay for businesses to arrange for their IT provider to carry out a home security audit for each of their people.
Passwords. On the subject of passwords, we are all required to use them to gain access to numerous online accounts and to keep our information secure. However, the consequences of our passwords getting into the wrong hands can be disastrous. It is just as important when working from home to have robust passwords in place when you are online. Please see our ThinkIT’s recent fact sheet PASSWORDS – what makes a good password? Where they look at some of the mistakes made when setting up a password and some techniques to make your passwords safer.
Phishing. More people working from home invariably means more emails flying around. This invariably increases the opportunity for fraudsters to launch phishing attacks. The golden rule here is that if you are in any doubt, do not open the email before you have picked up the phone and checked with the originator. Depending on your system, it could also be possible to block or divert external emails thereby ensuring that some home workers only receive internal mail.
Staff. Importantly, employers should not forget that staff still need to be carrying out their duties in a safe working environment when working from home. Try to install some protocols for home working that will help mitigate any possible health and safety risks. If possible, employees should try to find a dedicated workspace where they can work uninterrupted.
They should also be reminded that any cyber security procedures still need to be adhered to, even from a home or a remote location. Above, all keep communicating with them and let them know what is expected.
ThinkIT Commercial Director Paul McCarthy commented, “when working from home the golden rule is to ensure that all your people have the right equipment and technology to carry out their work tasks and to make sure your staff think security at all times. In these unprecedented times we stand ready to help our clients to review their existing systems and equipment with a view to improving security for home working.”
If you would like to discuss any IT security or equipment issues you or your staff have with working from home or you planning to work from home, please contact Paul McCarthy by email at: Paul@thinkit.uk.com