What about working from home?
One area that will no doubt be overlooked is staff working flexibly from home. Business owners will concentrate on cyber security, cleansing different databases and locking filing cabinets, but they risk overlooking situations beyond the four walls of their office. Increasingly, members of staff are taking advantage of remote working, allowing them to access information while off-site. This provides the convenience of working from home and avoids the travails of the daily commute, yet if they are accessing client information on their laptop, then the same due diligence applied at the office will have to be replicated for that remote location, particularly in the relative security of your own home.
What are the risks of a data breach when working from home?
A simple example: a staff member is working from home and is interrupted by their neighbour wanting to borrow a cup of sugar (yes, a cliché, but it suffices for the purpose at hand). Does the staff member close the cover of the laptop, lock the screen or hide the computer while they respond to their fellow human being’s sweet-toothed request? Remember, if an unauthorised person can access the computer, this would be classed as a data breach. If a member of staff needs to work remotely, then procedures need to be put in place to deal with just such an eventuality.
How do you mitigate the risks of a data breach at home?
This can be done in any number of ways. One is locking the screen after a set period of non-use, and one minute is a good starting point. If staff are using cloud or VPN services, then the IT department could set up monitoring of the device, including geo mapping and device intrusion checks such as detecting USB sticks being plugged in, or lock the volumes so that information can’t be saved from the cloud drive to the local C drive. Information can also be encrypted so that even if the device is misplaced, the data cannot be accessed and read.
Home is where the heart is: The importance of staff training.
More importantly, members of staff need to be trained on the importance of taking active care of information in their possession. That would include documentation and procedures for when an issue does arise and how to minimise the impact. Think of how easy it would be to leave a mobile phone on a train, and then think of all the contacts that would be stored on just that one device (a fair bit of the company database, no doubt). In these circumstances the likelihood of a breach happening is quite high. Dealing with the issue is going to involve considering all the possibilities, having contingencies for when they occur, and taking steps towards prevention, starting with staff training and engagement in avoiding breaches.
See our related article on GDPR and phone calls.