Recent surveys of data privacy and the impact of home working have revealed some disturbing weaknesses in business and personal data privacy during the pandemic.
In a recent report on the effects of remote working on UK cyber security, Hayes Connor solicitors survey revealed that 20% of home workers have had no training at all in cyber security. The same percentage have received no data protection guidance while working from home during lockdown. A quarter of companies are not using encrypted email software, while two thirds of companies have no robust password and encryption security policies in place.
Another survey carried out by document management company Go Shred revealed that one in five workers said that they had printed confidential employee data at home, including financial and medical information. Moreover, once printed, just under a quarter of the respondents admitted that they had no means to securely dispose of the documents and were storing them to take back to the office when it reopens; an additional 24% of respondents claimed to use a home shredding machine but then went on to put the shredded documents in their own domestic waste.
Secure document disposal should be a key part of every company’s data protection procedure to ensure that the methods used by their employees to dispose of printed material will prevent personal and business information from being put at risk and falling into the wrong hands. This is just as important at home as it is in the office. Organisations should ensure their employees have read and understood company procedures so that they know the danger of printing information at home.
It is important to support these procedures by providing appropriate equipment and services, such as a shredding machine or collection service, so that no employee is called upon to use their own judgement and act according to what is available in their home environment.
It seems that in the panic to keep businesses functioning during the pandemic, many decided it was acceptable to lower their privacy standards and ignore data protection rules. In the early days of the pandemic, this was perhaps understandable but a year on companies should have taken steps to tighten up on their remote working data protection standards. There are additional tips on what to include in a remote working policy in the video, The Dangers of Working Remotely, on our website Home page .
Employers have a legal responsibility to provide their staff with clear data protection guidance to ensure they do not act in a way that risks exposing the personal data they deal with.
If you are worried about your company’s data privacy and the impact of home working, you can assess your company’s data protection compliance standards by asking the following questions:
• Do we have clear policies and procedures for home working employees?
• Have we trained all remote staff in these policies and procedures?
• Have we provided staff with the necessary equipment and services to allow them to follow the policies and procedures?
• Have staff been made aware of the increase in cyber attacks during lockdown and the importance of using secure and complex passwords?
• Have we carried out appropriate due diligence before introducing new software solutions such as video conferencing solutions and VPNs?
• Do we have robust IT procedures to ensure enterprise software is kept up to date?
• How do we ensure that software on devices of remote workers is kept up to date?
• Do we allow staff to access our systems using their own devices? If the answer is yes, how do we ensure that the organisation’s data is kept separate and that the software on their devices is kept up to date?
This article has glimpsed at just some of the security considerations around remote working. You can find detailed checklists about how to secure business data for home workers on the data protection Regulator’s website.