Many more people are working from home and often one thing that gets overlooked is how to keep personal data and confidential data as secure as it was when working from the office. Data protection regulations are not relaxed merely because you are working from home.
If there is a hack or some other breach, the sanctions are still the same and the potential fines just as high. GDPR and small business legal expert Suzanne Dibble offers 5 tips on how to keep your data secure whilst working from home.
Ensure a firewall and other malware protection are in place when using your own devices
Often when working from home you will use your own equipment that does not have the same security protections as equipment in the office, such as network firewalls and a personal firewall on your individual device. This means that it would be easier for hackers to obtain personal data. Ensure that firewalls are installed and the latest anti-malware protection is securing your devices.
Don’t share your device with other family members
If you may share your device with family members, they may innocently click on malicious links that may install malware onto your device. This would mean that a hacker would potentially have access to your work data. In any event, ensure that you have up-to-date anti-virus protection on your devices.
Always lock devices and don’t share passwords
You should afford data at the same level of security as if you were still working in the office. That includes locking devices, not sharing passwords and also securing any confidential hard copy files in a locked filing cabinet. If your employer has put systems in place to store documents, then this should still be adhered to.
Use strong passwords and don’t re-use the same ones
It’s important to use strong passwords, namely a combination of at least 10 lower and uppercase letters, numbers and symbols. Obviously, you shouldn’t write down your password or have it visible when you are using video conferencing. You should not re-use passwords because if you do, it makes it easier for hackers to take hacked accounts for one login and try to gain access to your other logins. You should protect sensitive data or especially confidential data files with individual password protection for that file and use two-factor authentication where possible (such as a text code being sent to your mobile phone). You should also encrypt such data wherever possible.
Ensure that telephone conversations take place in private
You may be disclosing confidential data on phone calls with colleagues, suppliers and customers so you should ensure that you are talking in a private place and use a headset so that other family members or housemates don’t overhear the confidential data. In addition to sharing confidential information and this potentially being a breach of your employment contract, depending on the nature of the data and the impact on any data subjects that are mentioned in the conversation, this could potentially be a data breach that would be reportable.
It may be that your employer has a Remote Working Policy which covers a lot of these issues and more, so be sure to follow the Policy when working from home.
Use a VPN
If you are working from home, it is essential to have a VPN (Virtual Private Network) so that hackers cannot intercept your data. You will need this if you wish to access business files, use work applications, email and the internet securely. Keep work files separate from personal files and keep both Offline:
Many people like to use the home PC for work and then use an account that is separate from their personal email. This could be a Gmail account or similar. While doing this, make sure all your online activities are untraceable and you’re up to date with cybersecurity awareness campaigns affecting your industry and your geographic area. Remove unnecessary accounts when you are finished.
Use a VPN on all your devices, including computers, tablets, and phones. Don’t forget smart TVs, games consoles, surveillance cameras, and other connected devices that could easily leak out your details. Never use a shared network without a VPN.