More people are currently working from home than ever before. Many companies have adapted to the change, but one aspect is often neglected: data protection. Because in the home office, there are special conditions that require extraordinary measures.
When Covid-19 forced companies worldwide to work from home last spring, it was completely new territory for many companies – many companies are still working on introducing remote work. Due to the jerky and fast changeover, a fundamentally important topic has often received little attention: data protection. The move to working from home brings new data protection challenges that are not necessarily immediately obvious, and many companies may not even be aware of them.
Creating Technological Foundations
Working from home requires employees to have access to all data and programs. For this, you need a secure connection via the Internet. To not leave any gaps in terms of data protection, companies should rely on secure VPN connections. Two-factor authentication within applications also increases security.
If an employee cannot access company servers or storage or temporarily stores files locally for other reasons, personal data must always be stored locally in encrypted form.
For the company to keep track of access restrictions and authorization systems, it is advisable not to use personal devices for business purposes. Alternatively, MDM software can also control access and authorizations, which has to be installed on a remote machine. A bring-your-own-device (BYOD) strategy is still possible.
In general, cloud business software helps with data protection since data storage and administration are carried out centrally, and critical data is not stored locally. This makes it possible to work safely in the home office.
Separate Work And Private Life
When the living room suddenly becomes an office, it isn’t easy to separate private and workspaces. But especially concerning data protection, a clearly defined difference must be made here, for example, when storing media. Personal USB sticks or hard drives should never be used here to transport work-related data, as it can happen quickly that they are never deleted. They also increase the risk of dangerous computer viruses.
With many now also using private cloud storage, there is a risk of inadvertently choosing the wrong storage location for data. An important document quickly ends up on Google Drive or a personal Dropbox and becomes a danger. Employees working from home should not use private email accounts or cloud storage on company devices to prevent this. For example, employees can create a separate profile for work to avoid such mistakes when using a personal device.
Note Third-Party Access
Even when working from home, employees must ensure that no unauthorized persons access company data. This includes that passwords may not be shared with family members or roommates. If you share a computer, you must create a separate PC profile with your password.
Employees must ensure that their work area is not freely accessible. Doors or cupboards must be lockable, especially if data is stored locally or documents are stored in paper form. At the latest, special attention is required when employees work mobile in public. The tool must not be left unattended – not even for a short time. In the best case, a privacy screen is also attached to the display, making it difficult to look at the screen from the side.
Sign a Home Office Agreement
A home office agreement between the company and employees is recommended to ensure that employees are informed about these measures and comply with them. This is an additional agreement to the employment contract, which regulates data protection in the home office. It contains which security measures apply, such as using a VPN tunnel or not using private storage media. The use of personal devices can also be better regulated through a home office agreement, thereby minimizing the risk.
Data Protection Is Easy – If You Are Informed!
Data protection has received increasing attention over the years. New laws and regulations have come into play that companies must comply with. At the same time, there is also more and more (cloud) company software that makes data protection easier – especially in the home office: Appropriate cloud software ensures that access to company resources does not lag. The proper EAS infrastructure makes it easier to handle data and information. However, this only works with the appropriate software and the necessary know-how. It doesn’t matter whether both are already available in-house or whether the relevant experts are consulted. So as long as you know what privacy requires of you, it’s easy to comply.