As we enter our sixth week of lockdown, Regulatory Group member and GDPR specialist Jane Sarginson provides an easily accessible and timely reminder and consideration of the cybersecurity and wellbeing issues that remote working raises.Covid 19 has resulted in many of us being on lockdown at home with our families. Not only are we under pressure to keep the kids occupied/home-schooled, to go out only when necessary and to exercise for a mere hour a day – but we are also doing our best to remain employed. For some and if you are an essential worker, this might mean leaving the house as usual, but for the vast majority, it means working from home – battling with technology. We have entered the world of remote working.
There are two major aspects of remote working:
a) The technical side otherwise known as cybersecurity
b) The practical side or in other words your approach to working and wellbeing
PART I
Cybersecurity
Cybersecurity is a vast subject but as far as those who are new to remote working it divides into two parts:
a) The responsibility of the employer
b) The responsibility of the employee
Responsibility of the Employer
Before dealing with the security aspect, employers should ensure that they:
- Have a plan, and understand what they want to achieve bearing in mind the limitations in terms of finance, capability and resources
- Communicate with employees and clients, suppliers and customers and explain why you are changing to remote working, reassuring them that your services are still available
- Have a team of people available to assist in the transition from office working to remote working
- Ensure you are supportive to a team of people that may or may not be computer literate
- Have complied with all other compliance issues that arise under the Health and Safety Act, DPA 2018 in the form of risk assessments
- Considered whether there needs to be any change in the contracts of employment
- Informed their insurance companies of the change
The employer when looking to implement remote working should:
- Ensure that employees access the business’s IT systems securely. A straight forward approach to this is to set up a VPN (a virtual privacy network). A VPN creates an encrypted network connection that authenticates the user/device and encrypts data in transit between the user and your services. There are a variety on offer and you need to do your research. If you are a large business you may wish to consider restricting access to your server by dividing it into segments. This means that not everyone can gain access to all information on your server, thereby reducing any risk arising from hacking or ransomware. It is probably best not to choose a free VPN – nothing comes for free.
- Restrict employees so that they may only use work devices to carry out business related work. This will reduce the risk of breaches of security and personal data. Personal devices commonly have less security in place, the risk of hacking and phishing is greater, not to mention the use of the device by other family members, potentially leading to all sorts of unwanted issues.
- Consider employing device management software so that in circumstances where the device is lost or stolen, the data it contains can be deleted remotely.
- Restrict the use of USB’s or such like. These are often used to store sensitive data, they may be the source of malware, and they are sometimes misused and often lost.
- Restrict the use of random software such as video and voice conferencing and instead, set out a policy and identify a software provider that provides the services you require, having first checked out the functionality and security of those systems. In particular review their privacy notices and assess whether the data you use will be confidential to you or whether it will be recorded and shared with other unnamed third parties.
- Ensure that all firewalls, anti virus, and patches are up to date.
- Provide policies and procedures (‘How to…’) documents explaining to your employees how to access the business’s IT using the VPN or other software system.
- Provide a procedure to all to explain what to do if they need help, if a device is lost, or there is a data breach.
The majority of all data breaches or breaches of security arise, not usually from inadequate IT services, but from human error. 28% of all Iphone users do not use a screen lock. The biometric fingerprint is easy to use and should be standard security on all Iphones used for work purposes.
The Responsibility of the employee:
- Read your businesses policies, procedures and ‘how to…’ documents.
- Make yourself aware of whom to contact if you are in difficulty or have suffered a breach.
- Use strong passwords – the longer and less predictable, the better. Do not write them on a yellow ‘sticky’ stuck to the screen.
- Set up two-factor authentication.
- Use the VPN set up by the employer.
- Ensure the firewall is activated and up to date.
- Use an antivirus software and ensure that it is up to date.
- Secure your home router – consider changing the password.
- Install updates regularly.
- Back up your data.
- Use encrypted communications.
- Make yourself aware of the dangers of phishing emails, texts and social media scams.
- Lock your device.
PART II
Your Approach to Home Working and Wellbeing
When Covid 19 reached our shores, we as a population reacted quickly and before we had time to properly plan, many of us found ourselves working from home. For the majority, such a move was not one they would have chosen and there was little time to organise ourselves and to adjust. The move to remote working may well be difficult and stressful. There are bound to be teething problems. Those with whom you communicate, whether they are colleagues or clients, will be in the same situation, and perhaps the support you have previously had access to, will not be there. However, it won’t all be bad, there will be benefits and opportunities that didn’t previously exist, but you need a plan:
- Identify a designated work place. Its all well and good lounging on the sofa, or lying in bed, but you will do a much better job sitting in your designated work place. It helps create focus and divides work from home life. It also helps others at home know you are in work mode and reduces interruptions.
- Impose a routine so that you know what time you are starting and finishing work.
- Take breaks – work is never ending.
- On the one hand, don’t work too hard – on the other hand, don’t relax too much!
- Make sure you communicate with your colleagues/team/manager/clients/counsel. When remote working you need to keep lines of communication open. You need to be proactive.
- To prevent loneliness and isolation – communicate, communicate, communicate.
- Interruptions – in the form of family, children, pets and the doorbell. If you are Skyping or on a conference call ensure you have a designated place. Organise with others at home so you will not be interrupted.
- Self–motivation and dealing with temptation (the fridge), distraction and procrastination. This isn’t always easy. Identify a list of tasks that you wish to complete that day, but make sure you are being realistic. Energy/enthusiasm waxes and wains throughout the day, with it often being at its highest in the morning. Plan your day accordingly.
Experience shows if you persevere, you might find that you end up with a more flexible working day, with greater productivity but with more time to enjoy your home life. Who knows – remote working might become a more permanent feature in the employment scene in the future. It saves commuter time and cost, and further saves the cost of renting office space.
