Many of us are getting used to a different way of working right now, which may be here for some time to come!
In this blog, we want to look at how we need to think about security and GDPR now that so many of us are working from home. This is not just something for our times right now. With home working becoming more popular in general, it’s worth looking into how you can keep yourself safe.
A reminder of GDPR
We’re sure that most of us will remember the panic when GDPR came into force in May 2018, with many people confused and concerned in equal measure about what it meant for their business.
Essentially, any personal data which is collected needs to be protected, whether that information is physically written down on a notepad or digitally stored in a document, spreadsheet or database.
We’ve all become used to this legislation now, but working from home is going to bring some new challenges as we adapt to this different way of working.
Securing physical data
Offices are generally much more secure when it comes to physical data. If you think about it, we should all be locking our drawers and keeping any written data safely filed away. We’re also more likely to have disposal services for this sort of sensitive data when we’re working in an office.
But what about at home?
If you’re not someone who has regularly worked from home, then do you have these things in place? Do you have a lockable cupboard for example?
Yes, this sounds a bit over the top, but technically if you were to not lock away notes which could identify a client, that is a breach of GDPR!
In lockdown, the chances are you’re not having different people milling around your house, but as and when things relax, this may change. We need to be prepared for that, as some companies may take some time to get back to what was the normal working pattern.
Cybersecurity at home
If your staff are using the kit that they normally use in the office, then you may think that things are OK. In the office, with networked firewalls in place as well as firewalls on the device, that kit is pretty secure. But if you’re working at home, and you’re not going through the networked firewall, then you’ve lost one layer of security.
If they’re using their own personal devices, then they need to be secure too. There is a good chance that the security in place on these, such as anti-virus software, may not be as up to date as it would be in an office. This can be a source of problems, particularly if the laptop, for example, is not just used for work purposes.
What about locking your phone or computer? When we’re in the office, it’s easier to remember that you need to lock your computer, for example, when you move away from your desk. But at home, it doesn’t feel as intuitive, does it?
What can you do?
The most important thing you can do is to make sure that your staff are reminded that GDPR and security are things that they can have a direct impact on. You should have a data controller in your team anyway, so make sure that they’re communicating with your teams on how they can stay safe.
If you already have policies in place around staying safe in terms of security and GDPR, then make sure that all your staff are aware of them. If you don’t have any, then think about putting something in place which is easy for your team to understand and comply with!
If you’re not already doing so, look at using a VPN (Virtual Private Network) to limit who has access to your servers etc. By doing this, you’re not only limiting access, but also making sure that anyone who is accessing the servers is doing so in a way that is encrypted.