It’s May. We are now well into the second month of Covid-enforced remote working. The dust has settled, routines have been established, and most of us are now fully operational in our makeshift home offices. But for many, mandatory home working has raised new concerns about GDPR and data security.
In the two years since GDPR was established, most organisations have had time to ensure full compliance and implementation of all necessary changes. However, no-one could have anticipated the challenges created as entire workforces uprooted themselves and plugged into potentially more ‘vulnerable’ home networks.
For cyber-criminals, this vulnerability has enabled them to exploit this opportunity and target users who might not have the requisite data protection systems in place while working from home.
Remote working policies
Every employer should already have teleworking or work from home policies in place, but Coronavirus has compounded this necessity.
It is important that all staff review these policies to ensure they are familiar with them. These policies will cover the use of personal computers being used for work purposes, and safe working practices such as having a clear desk.
Accessing company data from a remote location
Article 32 of the GDPR focuses on the security of processing, the purpose of which is to ensure the ongoing confidentiality, integrity and availability of personal data.
When working from home, staff will typically be using a laptop computer brought from the office, or a personally owned machine, usually kept at home. There are many ways to access company and personal data when outside of the office, such as:
- Accessing systems such as Office 365 or G-Suite directly using a web browser over the internet
- Using a company-supplied VPN to directly access the office network
- Using a remote desktop solution
Computer safety at home
Although most people are using their work laptops at home, many have had to rely on their personal computers or laptops. This raises the issue of whether the requisite protocols are always in place to ensure the protection of company data. We’ve prepared checklists for both users of home and work computers or laptops: