There has been a lot of debate about the merits of people working from home. Not only does it bring up questions of productivity, but it also raises concerns over data confidentiality. No matter which side of the debate you fall on, though, the past two months’ worth of confinement has forced us all to rethink the problem.
As it becomes the new normal to set up makeshift home offices and schedule several Zoom meetings a day, companies have to consider the ways in which their data could be compromised.
At work, the environment can be controlled much more than a home setting can be. At home, there are countless wild cards that can cause your confidential information to be put at risk. We’ll look at how you can promote organizational data protection so you can minimize your odds of a breach.
Focus on Company Training and Awareness
Confidentiality awareness at the office is very different from awareness at home. In the office, an employee might have a telephone conversation that can be overheard by a colleague. In this case, the colleague has the same credentials as the employee, meaning there’s no breach of confidentiality.
But at home, the same conversation can be overheard by anyone from family members to roommates. Even if the employee closes the door in a room, this is not a guarantee. So let’s say that your employee is using a company credit card to make a purchase with one of your vendors. They give the information over the phone and one of their roommates happens to overhear before attempting to use the credit card on their own.
To a certain extent, there will be some leeway for certain situations. GDPR officials do not expect all employees to sound-proof rooms in order to comply with the laws. However, you can greatly reduce the odds of a breach when you remind employees of the inherent risks of working from home.
Finally, you can also use tools like encryption and two-factor authentication to ensure that only employees are able to access certain data. Keep track of everyone’s progress as time goes by and schedule additional training sessions to remind employees of how to best keep data under wraps.
Update Your Policies
Unless you experience a breach or become hyper-focused on security, it’s all too easy to ignore your confidentiality policies after they’ve been drafted and approved. But as the times change, so do the threats. Ideally, you should be updating them as many times as you need to.
If you’re going to have people working from home, you need to have rules in place on how your employees conduct themselves. More importantly, you need to make sure that your employees understand their obligations and how they’re meant to achieve certain objectives.
This is an extension of our first suggestion, as it gives employees a solid framework to follow while they’re on the clock. For example, let’s say that you formerly had a policy that prevented employees from working from home.
When the coronavirus hit, you had no choice but to work out logistics that would allow for such a change. But if you were focused only on putting out urgent fires, you could easily find yourself in a much greater mess by not thinking through new regulations for employees.
Bring Your Own Device (BYOD) has been a hot topic in offices today, as leaders and employees alike weigh the benefits of being able to use your own equipment for company use.
Now that people are at home though, BYOD has taken on a whole new meaning. AI assistants, such as Siri or Alexa, are programmed to record at all times. A former employee at Apple made it clear that these companies were indeed keeping track of all conversations, despite GDPR laws that discourage or outright outlaw these practices.
Just one hack could cause confidential information to spill to a hacker or even the general public. To avoid being heard on every call, employees should be turning these devices off in an effort to protect confidential data and ensure overall compliance.
Your Data Mapping Is Likely No Longer Valid
If you’re introducing a new processor to your data flow, it’s likely that your mapping will need to be reviewed and updated. If you can’t account for the quality of equipment being used outside the office or the network your employees are using, you can’t continue to rely on old protection policies established prior to the pandemic.
For instance, let’s say that you were using a specific process to facilitate the transfer of reports from one server to another. The employee responsible for the transfer usually does so on office equipment but is now using a device that is so old it no longer qualifies for system upgrades. Over the course of the transfer, they may make confidential information from the report vulnerable to theft.
Data Breach Management
When it comes to statistics, it’s people who are most likely to be at the heart of a data breach. The more they’re at home, the more compliance control will slip through your fingers. Not only are you likely to be held vicariously liable for these data breaches, but you may also find that the breaches are nearly impossible to discover in a timely manner.
So if your employee has an unsecured Wi-Fi network that is hacked, you may not know until the hacker decides to take action. If your employee is fearful of retribution, they’re unlikely to come forward. If the employee is unaware of their transgression, they may not even realize that they need to come forward. This is why education, awareness, and transparency need to be both promoted and practiced throughout a company.
Compliance That Works
GDPR365 is software that is flexible enough to adapt to new situations. Even when we can’t predict what working conditions will look like a year or even a week from now, you can promote compliance when you have the right tools at your disposal.