Switching staff to Homeworking?
In response to the Government guidance on Coronavirus, many staff are now working at home. Homeworking needs to be clearly thought through, as there are many potential practical and security issues with this solution which need to be addressed. Now that everyone is settled into homeworking roles, this is the time to ensure all due considerations have been made.
This scenario is a potential windfall for cyber criminals & you can bet they will be waiting to exploit it. The legal requirements of GDPR also need to be factored into this change.
Everyone wants to protect their staff and society in general, but in doing so, don't create even more problems for the business.
What needs to be considered?
How are staff accessing their files / work?
- Is the online access to your network or a Share File cloud application secure? (e.g. via a VPN connection)
- Does the above have sufficient capacity / connection / licensing to maintain homeworking?
- Are Staff Broadband connection speeds adequate / causing problems?
- Are too many home user connections causing issues?
- How secure are staff routers? eg. default factory passwords
- Will staff take copies home (hardcopy / USB etc.)? Will they be secure in transit or if accidentally lost?
- How are document versions / changes being controlled?
- Are staff storing data locally & how is this being controlled / secured?
- Is it acceptable for staff to use mobile phones or tablets for access and/or storage?
- When & where are they accessing your data?
Home working equipment
- Do you have sufficient mobile equipment to maintain everyone at home?
- Was the equipment that has been deployed updated with latest software security patches?
- Who is managing the inventory of equipment deployed & ensuring it's recovered on completion?
- Is staff's own equipment having compatibility issues or limiting efficient home working?
- How secure is staff equipment? – Firewalls / AV / Malware / Passwords – Did anyone check?
- Are they running supported software (Eg. Not Windows 7 / Office 2010 etc)?
- How are they able to report any IT issues & to whom?
- Is there sufficient IT support resource to help resolve issues?
How will staff share data & communicate?
- How is data being shared between staff securely?
- Are staff accessing work email or using personal accounts?
- Is staff private email sufficiently secure or permitted?
- Is effective call re-direction / routing in place?
- How will changes to policy, security requirements or situation be effectively communicated to all?
- Are there facilities for secure virtual meetings? Or are staff setting up their own?
- Is there a policy defining data classifications & security in handling?
- Is there policy on data destruction requirements – Eg. Paper Shredding?
- What restrictions / policy is there on the use of social media?
Confidentiality & legal
- Are staff covered by confidentiality agreement / policy?
- Does the above sufficiently cover homeworking & family?
- Is there potential risk from other family members? e.g. competitors' staff / breach of confidentiality?
- Do you have adequate policy defining rules for homeworking?
- Will this contravene any Data Processing Agreements in place with relevant Data Controllers or requirements of commercial contracts?
- Will your privacy policies & notification correctly reflect this change?
- How are you monitoring staff and managing productivity / time keeping?
- How will home working impact your ability to detect data breaches?
- Who pays for homeworking costs?
- Is a current data backup being made & is it consistent? Who's responsible?
- How long can homeworking be sustained for?
- How will staff sickness be reported, monitored & covered?
- Has planning identified key / single staff resources & identified continuity to cover illness? eg. Your IT resource could be critical
- Is there BC planning identifying key external resources, which may need to also be covered if lost?
There is a lot to get right to avoid issues down the line, but hopefully this helps some way in covering off these.
Please contact me if you need guidance or support: