Data Protection While Working from Home
Whether you regularly work remotely or have recently had to adjust to it, such as during the Covid-19 pandemic, it remains of the utmost importance that you consider data protection. This means ensuring you are handling and storing personal information securely, in accordance with the Data Protection Act and GDPR. Your change in working conditions may mean you lack the preparation or capabilities that you have under normal circumstances.
Here, we look at the legal requirements for working from home that you need to adhere to if you usually follow the principles of the Data Protection Act and GDPR.
How Does Working from Home Affect Data Protection?
Working from home presents different risks from working in an office environment, particularly when it comes to data protection. For starters, you may be using equipment which you don’t usually use for work, such as your personal laptop or computer. It is highly likely that your own device does not have security measures as strong as those on your workplace one.
For example, your workplace may have a network firewall on the company router and a personal firewall on your individual computer. This makes it harder for hackers to get through, helping to prevent unauthorised access to your computer and the information stored on it. However, it is unlikely that the device you use remotely will have both of these types of firewall, meaning the data stored is less secure.
Furthermore, you may share the device you use between family members, and you can’t constantly monitor what websites they visit or links they click. This is how malware is often downloaded onto a device and, if this does happen, a hacker potentially has access to any data you have stored, including work-related data.
You should also be cautious when taking work telephone calls from home, as you may have to speak to customers, clients or colleagues about confidential information. You should make an effort to have these conversations in private and not in front of people who aren’t members of the company. If children are not in school, this may be particularly challenging. You should also be aware of anyone else who enters the premises and may overhear what you are saying, for example a plumber visiting your home, or members of the public if you are working in a café.
Why is it Important to Consider Data Protection When Working from Home?
Essentially, working from home creates a new way of accessing confidential data and poses a greater risk of the data’s security being breached. In addition, if data is compromised while an employee is working from home, it can be difficult to identify how it happened and when. It’s therefore crucial that you prevent data breaches from happening. This means that your employer should put additional provisions in place to prevent data from being misused or mislaid at home.
Protecting data is incredibly important for everyone, whether that be customers, staff or students. You have a legal responsibility to follow the procedures that your business puts in place, wherever you are working, to ensure compliance with the Data Protection Act and GDPR.
6 Steps to Ensure Data Protection While Working from Home
It is likely that your employer will have addressed the vulnerabilities we have outlined and considered how they can help to keep sensitive data secure. As an employee working remotely, it is your responsibility to follow the precautionary measures that have been put in place to ensure you remain legally compliant. To help you do so, we have put together six steps that will help you protect the data you handle and store while working from home.
1. Follow the same processes you would in the office for data protection, adapting where necessary.
You should treat the data you collect and handle the same as you would if you were in your usual workplace. However, as this article has explained, you will need to take further precautions when working from home. To help keep data confidential you should always lock your device if you are going to leave it unattended. This must be done even if it is just your family who will be in the house.
You must also follow the storage and other data protection procedures that your employer has put in place, for example saving files to a designated drive or system if you have network access. Documents will be much safer here than on your own hard drive. This may already be what you do when you work in an office, or new procedures may have been enforced for remote working.
2. Make sure your security software, such as firewalls and antivirus software, is up to date.
A firewall acts as a barrier, preventing unauthorised access to your device or network. This makes it harder for a hacker to gain access and helps to keep the information you hold on your device secure. Meanwhile, your antivirus software protects your device from malware, such as viruses, worms and Trojans. It detects and prevents malware from downloading, and can remove any that does reach your device before it can damage or steal your data. You must not disable either of these types of security software, and you must keep them up to date. You should also check that any other software or programs that you use are the latest version available.
3. Set secure passwords.
The device that you use, whether that be a company laptop or personal computer, must be protected by a strong password. Strong passwords are at least 10 characters long and combine lower and uppercase letters, numbers and symbols. You must never use the same password for more than one account or write them down. You should also protect files that hold sensitive data with a password, and use two-factor authentication where available. Two-factor authentication requires an additional piece of information as well as the password in order to gain access to the data. You can find more information in our article ‘Password Security Guidance’.
4. Encrypt your device and documents.
Our Senior Developer at High Speed Training, Jo Biesta, recommends always encrypting the hard drive of your computer or laptop if using it to work from home. Encryption is the process through which data and information are converted into code to prevent unauthorised access. It doesn’t prevent a potential hacker gaining access. Rather, it means that if unauthorised access to the data is gained, all they can see is ciphertext. The sensitive information is scrambled into random code, so is of no use to a hacker. You can only turn the ciphertext into plaintext if you hold the encryption key.
If you have a Windows laptop or computer you can encrypt the device using BitLocker Drive Encryption. With BitLocker, you can lock the normal startup process of the device until you enter a PIN or startup key. You can also encrypt individual documents in order to protect the sensitive data that is within them.
5. Keep hard copies of sensitive information just as safe.
When protecting sensitive data, you must also consider information which is in a physical form. You may still be handling letters or other hard copies, such as information you printed out or took home to use while working from home. To keep the information on any hard copies confidential, you must never leave it lying around. Ideally, you should store documents in a place where there’s a low possibility of other people accessing them, for example a locked drawer or safe.
6. Ensure you are fully trained.
Finally, you need to be fully trained in how to keep data safe while you work from home. Even if you have previously received training in data protection, you will find a refresher beneficial as you adjust to your change in circumstances. High Speed Training offer both Data Protection and Introduction to Cyber Security online training courses.
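Steps 2 and 4 above can be confirmed on a Windows device with a short read-only check. The script below is an added example, not part of the original article: it assumes an elevated PowerShell session and Microsoft Defender as the antivirus, and the signature age threshold is an illustrative value.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of step 2 (firewall, antivirus) and step 4
# (BitLocker) on a Windows device. Assumes Microsoft Defender is the antivirus;
# $MaxSignatureAgeDays is an illustrative threshold, not a figure from the article.
param([int]$MaxSignatureAgeDays = 3)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [bool]$Ok, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
}

# Step 2: every firewall profile (Domain, Private, Public) should be enabled.
foreach ($p in Get-NetFirewallProfile) {
    Add-Finding "Firewall ($($p.Name) profile)" ($p.Enabled -eq 'True') "Enabled=$($p.Enabled)"
}

# Step 2: antivirus must be running and its definitions recent.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    Add-Finding 'Antivirus real-time protection' $mp.RealTimeProtectionEnabled `
        "AntivirusEnabled=$($mp.AntivirusEnabled)"
    Add-Finding 'Antivirus signatures current' `
        ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
        "Age=$($mp.AntivirusSignatureAge) day(s)"
} catch {
    Add-Finding 'Antivirus status' $false 'Defender status unavailable; check the installed product'
}

# Step 4: system drive fully encrypted, protection on, and a PIN or startup
# key required before Windows starts (TPM-based protector types only).
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    Add-Finding 'System drive encrypted' `
        ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On') `
        "Status=$($vol.VolumeStatus), Protection=$($vol.ProtectionStatus)"
    $preboot = @($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })
    Add-Finding 'Startup PIN or startup key required' ($preboot.Count -gt 0) `
        "Protectors=$($types -join ', ')"
} catch {
    Add-Finding 'BitLocker status' $false 'BitLocker information unavailable on this device'
}

$findings | Format-Table -AutoSize -Wrap
```

Any row with `Ok` set to `False` is a point to raise with your IT department rather than something to change yourself on a managed device.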
You will likely need to change your working behaviours and adapt to the circumstances when working from home. It is incredibly important that you continue to follow the procedures in place to ensure that the data you have access to is handled and stored safely. You should now understand what actions you can take to protect any sensitive and/or confidential information that your company accesses.
If you have any further questions, you should speak to your manager or IT department. They will have a thorough understanding of the procedures in place at your workplace to comply with data protection legislation.