Security in a Changed World

COVID-19 has caused a massive increase in the number of employees who work from home.  This means that personal, company and client data has now moved outside of the traditional office environment where previously it could be controlled relatively easily.  This change raises many challenges for businesses, including the security of their data.  In this article, we outline how you can ensure your business and your data is secure when working from home.

Security in a changed world – it’s now everyones business.

Specifically we discuss:

– How Pre-Covid Business Data/Security Processes No longer Work

– Four Critical Areas of Security to Focus on Now

– Actions to Ensure Data Security when Working from Home

If you need any help either reviewing or resolving your security in a changed world our contact details are below.

Why your pre-COVID-19 data & security process are no longer relevant

‘The Old Normal’ – 6 Months ago

You’re finishing work, your team has left the office and you’re about to lock the door for the night. Company policy is a ‘clean desk’ – so it is easy to check that nothing has been left out. All the office equipment has been turned off and you’re just setting the alarm. Great, no worries, you can go home without too many problems to be thinking about.

‘The New Normal’ – Today

You’ve finished your work and the conference calls are over for the day.  No need to tidy up the desk – you’re working at home and the kids now understand not to touch your ‘stuff’.  That contract you printed out can wait until tomorrow and the Client contacts spreadsheet you were halfway through reviewing for marketing has all your comments scribbled on it – that can wait as well for the team call tomorrow afternoon.  You decide to leave your laptop on as you plan to do a bit of surfing for holidays after dinner – you really need that break as its’ been so intense recently.

Clean desk policy? European working hours directive? GDPR? Company compliance? Risk assessment? Corporate confidentiality? Health and safety? HR? Company Insurance?

But – Hang On!!  I’m just trying to run a business here!!!

Security is everyone’s business

I could go on!  The point is that running and managing a team, business unit or company is far more difficult in the ‘new’ normal than in the ‘old’ normal.  If you have staff who are working in multiple locations you can also throw in the COVID-19 Health & Safety forms that have to be completed in advance of anyone returning to an office.

For most supervisors, team leaders, managers and directors this is all completely new.  Delegating work is easy when you are sitting in an office – you can see instantly reactions when you give directions and there is an easy opportunity for people to ask questions – you can also see people’s body language and can check on how they are working.  How can you tell that the task is understood and that they have all the required information or are even at their desks?

Do not underestimate the impact of change on both the individual as well as your business.  All this is new, there will be mistakes and things will take longer until the ‘new’ way of working is ironed out and becomes the norm.

At the end of the day there is no magic bullet that will take all this away.

However I am strongly recommending arranging some training in the following areas –

Management Training

  • Managing a remote workforce, how to delegate and monitor tasks, how to communicate to teams and indiviuals clearly and effectively
  • Planning a distributed working environment and choosing the right software products
  • Setting clear Key Performance Indicators (KPI’s)
  • Your business, social, regulatory and health and safety responsibilities for home working staff

Employee Training

  • Effective time & work management
  • Team Communcations

Security Considerations when working from home

Yes – we all had to do something and do it quickly in order to be able to work from home.  We’re now starting back to work – but it is acknowledged (and we’re being encouraged) that a large number of workers will continue to work full time or part time from the home.

  • Staff contracts need to be updated to reflect these changes.
  • Employees should be recording their working hours and their availability in terms of start/end times.
  • Are you providing them with the ability to log the details of their tasks and activities?
  • Do you pay for breaks and if so do employees know the maximum and minimum durations?
  • Employers need to have a working from home policy – and they need to know what is expected of them.
  • Home working locations should be safe with both equipment and health and safety audits carried out (regularly!) and the outcomes recorded.
  • Home working facilities need to be made available.
  • Does your company insurance cover working from home?
  • Any paper containing Personal Identifiable Information (PII) needs to be secured – GDPR still applies no matter what the location and it’s not just data held on computers or electronic devices (including your phone!) it is also notepads, sticky yellows, whiteboards, forms, questionnaires, etc!
  • If employees have data stored locally is the device secured both physically and logically? Is it encrypted?
  • Should the device be for business use only? Can you restrict usage remotely either by application, time of day or by IP address?
  • If employees use cloud-based applications – are these secure, GDPR compliant and encrypted end to end?
  • And, and, and!

Four critical areas of security to focus in on now (and some of these overlap).

 

Whilst these are general areas (and quite big buckets!) you need to ensure that the people involved are treated as individuals.  Don’t forget that those impacted are real people with real lives who are probably also going through this for the first time as well.  It is safe to assume that they want to continue to do the best work they possibly can for your business – it is only a very small number (the rare exceptions!) who will deliberately take advantage and abuse the system.

1. Contractual Security

  1. Employee Contracts
  2. Company Policies & Procedures
  3. Corporate Contracts
  4. Company Insurance

2. Physical Security

  1. Health & Safety
  2. Home office
  3. Electrical & computer equipment

3. Data Security

  1. GDPR, internal compliance & controls
  2. Sharing, exporting & printing corporate data
  3. Online storage & storage devices (external drives)
  4. 3rd Parties and 3rd party applications

4. Work Security

  1. Communications (email, conference calls, voice, text)
  2. Work (task & activity) Management

Home Working Security – Some Do’s and Don’ts!

Now that we’re thinking about security in a changed world I’ve put together a list of some Do’s and Don’ts to help you.

Do’s

  • get the best advice possible and guidance before you go too far.
    • There are a lot of good ‘official’ websites offering very sensible support for businesses.
    • Your local Chamber of Commerce or central/local Government busines support will also be able to help.
  • identify the requirements for your business, create lists of time-lined actions and who is responsible for them.
  • discuss these first with the people concerned – get their buy in and engagement before you make a mistake!
  • create a budget – your business still has to remain viable
  • outsource to suitably skilled and experienced professionals where possible. It’s usually quicker and more cost effective.
  • Ensure that your team has appropriate home office equipment – desks, chairs, storage cabinets, lighting, screens, monitor stands, headsets
    • chairs still have to comply to health & safety standards!
  • if necessary, replace existing systems that don’t meet the demands of a distributed remote work force.
  • select software and tools carefully (read the T&C’s!) and use business applications that tick all the boxes as above.
    • You don’t want end up with even more problems!
  • communicate clearly to your staff verbally and in writing – and in advance of changes.
  • take the time out for 1 on 1’s.
    • Joint conference calls are not the place for raising individual issues and not everyone is comfortable (or assertive) on a group call.
  • provide training, not just on technology but for dealing with change and working remotely.
  • make sure that everyone clearly knows what is expected of them and how are they going to be measured.

Don’ts

  • jump at the first solution you find on Google! Check out a range of items.
  • choose a product just because everybody else uses it!
    • India has banned 80+ common social media applications due to data security issues and you’d be shocked at some of the everyday names.
  • try and do everything at once – build a manageable plan
  • try and do it all yourself!  You have some great people in your business – use them!

Want to talk?

If you want to know more or to discuss suitable and secure remote working applications with us please contact me on +353 (0) 86 604 4820 or email tim.pullen@cloudtech.ie.

You might also like to read Mark Scheffels’ article on securely sharing data   Alternatively you might find my article on Distributed Working interesting!