There are a number of challenges and risks to GDPR compliance when some or all of your workforce works remotely.
We’ve put together our top ten tips to help you handle these risks alongside your team.
1. Implement and follow WFH policies and procedures
You should have a clear policy in place for staff who are remote working, which covers accessing, handling and disposing of personal data. Your employees should understand the procedures in place to protect personal data held by the company, and you should have appropriate measures in place to defend against cyber attacks.
2. Use multi-factor authentication
For any cloud-based resources shared by the team, multi-factor authentication can make it much harder for someone other than your trusted members of staff to gain access. It is stronger than passwords alone, even long or complex ones. There are a number of different types of multi-factor authentication, including texts, biometrics, and one-time passcodes.
3. Ensure home workers have a suitable space
Remote staff should have access to a private space to work – ideally, this will be at home, but there may be instances where they need to work in public.
At home, it is advisable that workers lock their screens whenever they need to leave the room, in order to prevent other members of the house from accessing confidential information.
In public, workers should consider the following when choosing where to set up:
- Sitting somewhere people can’t look over your shoulder to see your screen – this includes near windows and doors where people may be able to look in
- Installing a privacy screen
- Only using encrypted Wi-Fi, or a hotspot from a work device
- Using video meeting software with advanced security features if taking calls in public
4. Regularly check for updates
It is important to make sure that company devices are up-to-date on security updates, as these will offer the highest level of protection against malware and cyber attacks.
Similarly, a modern browser, such as Google Chrome, should be used and kept at the latest available version.
5. Choose secure device storage
Storing data locally is a risk for any business, but for those that employ remote workers there is an additional threat of devices being lost while travelling or stolen from the home.
Therefore, files should be stored in a secure cloud location, ensuring that even if a physical device is lost or stolen, your company’s data is still accessible.
6. Stay in regular contact
Stay in touch with your remote employees to ensure that you are aware of any technical needs they may have, and encourage workers to reach out if they have any questions or security concerns that need to be addressed.
7. Provide training
Make sure your team know how to protect important data with GDPR training, and teach them how to spot the signs of phishing attacks.
8. Enable remote disabling
Remote disabling can be used to lock or erase a device’s data if it’s lost or stolen. Accidents happen, so it is important that you have this feature enabled on any company devices so that you can take action if needed and prevent data from being accessed.
9. Communicate securely
Ensure the channels used internally are secure, and that all members of staff stick to using these. Secure messaging, an online document sharing system, or password protection should be used when sharing data with others.
10. Manage access permissions
Minimise the risk of data breaches by reducing the number of people who have access to sensitive data to only those for whom access is necessary for their job role.
GDPR and Security & Terror Alerts are essential tools in protecting your business from physical and operational threats. Make sure you don’t miss out on our 10% off deal on these courses, available until the end of November. Simply enter the code ‘secure10’ at checkout to save!