COVID-19 has meant organisations have had to adapt quickly to prevent the spread of the virus. Now, due to government regulation, organisations are having to consider how their employees work remotely for the first time.
But this doesn’t mean cyber security requirements can be relaxed. Regulators, like the ICO, have stated that companies who require employees to work remotely will still need to consider the same security measures for homeworking that would be used in normal conditions.
Unfortunately, remote working introduces new cybersecurity, data protection and operational risks that companies will need to review and mitigate.
Here are the 5 top challenges your business may need to consider when introducing remote working:
Some processes may be easier to move to remote working than others. So, first things first. Identify and understand how your processes operate. If your critical processes aren’t followed correctly, this can cause a negative impact on your business:
- Which processes are critical and high-risk?
- Do certain processes require someone’s physical presence to complete? This should also include any processes to maintain your IT resilience such as backups, console-only logins, etc.
- Have you restricted access to systems so they can only be accessed from the office, or only from a named IP address?
- Do you have any paper-based processes that cannot be moved online?
If you have a comprehensive, up-to-date understanding of your processes then this will be a simple task.
What effect will remote working have on employee hardware?
It is important to understand what the equipment staff will need to work from home. This may include:
- Laptops, desktops and screens
- Printers, scanners and shredders
- Internet access
- Secure authentication devices
- Lockable filing cabinets
Some individuals may not have all the technology or equipment they need, or what they do have may not meet their needs or the needs of the business. For example, most households usually only one Wi-Fi router that they use for everything, with the default username and password still intact.
But how does using household equipment affect information security? Working outside of the office environment (that you’ve worked so hard to secure) poses potential risk and new implementation measures that employees will need to follow in order to control those risks.
Understanding what effects new equipment will have on your IT team’s ability to provide support is equally important – particularly securing devices and the information stored on those devices. IT managers need to be aware of the devices staff are using at a minimum so they can provide any essential support if anything were to go wrong.
Who else will have access to the information?
Working at home means you’re surrounded by people you wouldn’t usually be in a workplace setting – your family members. Now, we’re not suggesting you kick them out of the house so you can work (even if they’re getting on your nerves a bit!) but, again, this introduces a new set of risks that need to be managed – especially if the remote worker is using shared technology, such as a family PC, or whether anyone can gain unauthorised access to your data.
Some organisations may have different associated risks for different staff and must therefore decide whether the individual staff members need any additional training or technology to protect information processed at home.
Will you need to roll out any new technology?
To facilitate home working, it’s very likely that your company will need to increase your teleconference and video conference capacity. This may mean introducing new technology solutions such as Microsoft Teams, Zoom, Slack or maybe even a VPN to provide additional protection of your data.
If your personal data processing will need to change significantly, carrying out a Data Protection Impact Assessment will do more than simply help you understand the data protection risks associated with swapping to a new technology stack – it will also uncover the challenges associated with switching from face-to-face to virtual meetings. This should be considered for all remote working tools and solutions that have been newly implemented.
Don’t restrict this to data protection issues only! A risk assessment should be considered for any change of access to, or use of, sensitive or confidential information.
How will you manage the home working staff?
It may be tempting to introduce new solutions to monitor employees that are working remotely. However, (surprise!) there are risks associated with this too – especially if staff are being monitored in their own homes, are using their personal devices or even using shared devices.
You should be able to document and evidence that the benefits of any monitoring technologies outweigh the risks to the monitored individuals. If you can’t demonstrate this, then you should not implement the technology and consider alternative management methods.
Data protection law should not be looked at as a blocker to increased and different types of remote working, but as an essential practice to ensure your business and staff are still kept as safe as possible in multiple working environments.
Need guidance on how to adapt to remote working? Contact us and we’ll be with you every step of the way.