In the next few weeks, due to the Coronavirus pandemic, businesses in the UK may have more employees working from home. Employees may be working on their work laptops and devices, but for some they may have to work on their personal devices. Employers have a responsibility to undertake security measures to ensure staff are working securely both when in the office and when they are working from home.
Organisations have different IT systems but here are just some of the factors which many employers will need to consider and address as part of their working from home policy:
- Security of IT equipment
- Are mobile phones password protected and encrypted?
- Do staff have access to a secure work computer or will they need to use their own IT. If so, can work files be accessed in a secure way, is the device encrypted and is anti-malware software sufficient and up to date?
- Physical Security
- Are confidential paper and electronic files secure in the home environment – can they be locked away?
- Is work being carried out in an environment where it isn’t overlooked by family or friends?
- Information Sharing
- Is there a secure method for transferring confidential emails and files with work colleagues?
- How will confidential post be sent if not in the work environment?
- Teleconferencing /Video conferencing
- Do you have technologies in place that will allow meetings to continue to go ahead e.g. teleconferencing and videoconferencing?
- Printing / shredding of sensitive data
- Do staff have the facilities to dispose of confidential waste, or will this be stored securely until it can be returned to the work environment?
- Policy and Procedure
- Is there clear guidance for staff on expected practices around working from home and have they been made aware of these?
The ICO are providing regular updates for businesses and employees.