‘Tis the season to be jolly’ but don’t forget to protect your data along the way!
Welcome back to my blog where we talk about anything and everything data privacy and GDPR (General Data Protection Regulation). Since the holiday season is upon us, I wanted to keep things light this week and not overload with too much mindboggling information. As a lot of us are still working from home I thought it might be useful to share some great DO’s & DON’Ts for at home workers to make sure everyone is up to speed with good business practice.
I'll try to keep it brief and easy to remember but also maybe we could have a little fun along the way.
A list of DO’s
DO Keep your workstation clean and clutter free
As much as working from home can seem freeing and less stressful for some it is important to remember to make sure that your workstation remains tidy. Being able to start the day without having to find your equipment under mounts of paper means you can start the day the right way, plus, papers may have sensitive data on it and although you may trust your family and friends it is still best practice to make sure that all your files remain tucked away, safely in a filing cabinet.
DO Report Incidents
As mentioned before, working from home can be great, however mistakes are more likely to happen as it is a change from your regular set-up and the right security precautions might not be set up to prevent any incidents that may occur. If, despite all data privacy precautions, data breaches occur at an employee’s home, open and honest communication is important. The employee should know how to report relevant incidents to his/her employer. Not every data breach must then be reported by the employer to the information commissioner's office, an external data protection officer can help clarify what must be reported.
DO Encrypt files
File encryption protects individual files or file systems by encrypting them with a specific key, making them accessible only to the keyholder. The goal is to prevent malicious or unauthorized parties from accessing files that are stored on the disk. Support for file encryption can be built into an operating system or file system. A decryption key allows access to the sensitive files. File encryption is helpful if a user needs to send individual files securely over the internet or store them on a removable device such as a USB stick. Encrypting files is of the utmost importance. Without encryption anybody who intercepts data from your organisation will have complete access to it, which could compromise client, staff and business security.
DO Separate work and personal life
Now this one is more of a standard rule that most of us follow anyway. However, it can be a bit hard not to bring work home with you when you are literally working from home. Depending on the circumstances, the best solution for employees working from home is their own lockable office. If this is not possible, the screen should at least be protected against prying eyes. Privacy filters and films are an option in this case.
Software and hardware, such as laptops and common office programs, we would recommend are provided by the employer with technical security measures. This way, the work computer will only be used for work purposes, and private use will only take place outside of working hours. Although we know that using your own device has its own merits, which, whilst riskier, there are mitigating actions which can be put in place.
Some helpful DON’TS
DON’T Ignore security Updates
We all know the feeling when your phone keeps spamming you with a new update and you feel reluctant and end up saying something like ‘I'll do it later’ or ‘Remind me tomorrow.’ However, almost all security software needs security updates or patches installed eventually, and failure to implement these updates leaves gaps in security which data thieves and fraudsters can exploit. Regardless of reasons you may hear in favour of prolonging or avoiding updates, you should always install them.
DON’T Use Business Computers for Personal Reasons
It is the end of a workday and now it is time to relax. For some people this might mean a nice glass of Pinot and a movie, for others it might be a little online shopping. You might even be inclined to do some online social media or video games. Although you may think you know what is safe and secure, it's best not to risk it as there might be hidden viruses just waiting to access your files. Statistics indicate that over 75% of employees use their work machines for personal activities – but your business’ security software may only be set up to protect threats which could come from areas and sites which staff use as part of their work.
DON’T Leave Information or Data Unattended
This one is kind of a repeat from some of the previous advice but nevertheless still especially important. Never leave computer terminals unattended while logged in – not even for a few seconds! Make sure paperwork is not left on desks, printers and at fax machines and documents are always filed away or shredded after use. Whether it is your kids, husband, roommate or friend, a data breach is a data breach, and your business data should be for your eyes only.
While a lot of these seem like common sense or knowledge it is always good to have a little reminder. I hope you are all safe and well and more importantly have a great Christmas ahead of you. As always, it has been a pleasure and I will see you on the next blog post.