Last Updated on November 25, 2020
Protecting Data Remotely
We understand that with WFH, privacy concerns are more important than ever, so we reached out to an expert who could help us share the top tips for making sure your business is in compliance. Alyson Harrold – Spectrum Group
This guest post is provided by the Law Office of Jessica Youngs, a general practice firm with more than a decade of experience in corporate law and transactional law with a specific focus on data protection concerns and cybersecurity, including CCPA and GDPR compliance.
Working from home (WFH) is here to stay. Over the past months, many companies have realized that increased health and safety are not the only benefits of having employees stay at home: they are also seeing new ways for employees to have added flexibility and convenience while still maintaining the same, or in some cases greater, productivity. Employees are no longer using computers within internal company networks, but they are nevertheless working with the same sensitive information they were handling in the office. All of this contributes to an increased risk of data hacks and security breaches and alters how employers should address data privacy. So how can you balance data protection concerns with working from home?
- What tools do you need to protect your data?
- How do you deal with the human factor?
- Can you balance data protection concerns with WFH?
WFH means that countless computers containing sensitive company information are out of the office, connected to public networks, and within eyeshot and earshot of strangers. There is now more opportunity for wandering eyes to glance over open laptop screens, and no elaborate IT infrastructure to guard computers from online attacks. This makes changes to your privacy strategy more difficult. It isn’t just about installing new software: privacy changes have to be thoroughly addressed with your employees, and clear policies and safeguards must be put in place.
What are the Right Tools?
Luckily, there are easy-to-set-up tools to ensure that your company’s technology is safe and secure outside of the office. To help secure your company data, you should try to supply the hardware and software necessary for a remote workplace. This ensures that everything employees use is up to date, company-approved, and not vulnerable to simple cyber-attacks. These simple tools include virtual private networks (VPNs) for business, which conceal IP addresses, encrypt data transfers, and mask/modify location data. VPNs can also give employers more control over what information and websites employees can access on company equipment. That said, VPNs will not be as effective if employees do not understand the technology on their company phones and computers. Employers should implement training and operating procedures so that their employees know how to use a VPN to prevent data hijacking, especially when they are connected to an unsecured Wi-Fi network.
Your company’s privacy also depends on the third-party technologies that you rely on, mainly the kind that provides video conferencing solutions for your team and employees. Most companies know about the convenience that Zoom and Skype provide, but few know about the privacy and data protection capabilities at their disposal with these solutions. It’s important to be aware of what privacy features are available with your video conferencing software of choice so that you can maximize the privacy and security of your online meetings. Be sure to restrict access to your meetings with passwords, and control when people can join and who can present and share their screens. Also be aware of phishing risks: live chat features can be used to induce employees to reveal sensitive information about themselves to people purporting to be part of your company or from another reputable source. Lastly, make sure that whichever software your company uses is up to date. Technology is constantly updating itself with new and improved capabilities and features. Overall, take some time to review which video conferencing software your company is using and why; a little thought can help you better understand the privacy landscape you’re exposed to.
Are People the Weakest Link?
Did you know, however, that most data breaches and security issues are caused by simple human error? For this reason, employers should clearly communicate employees’ responsibilities for protecting data and the standards they should meet to ensure that they’re protecting data at home as they would at the office. Employees should be encouraged to keep work and leisure separate. Employees are already creating office rooms devoted to working from home and should be encouraged to continue this separation by using work laptops and phones only for work, and having personal devices to use for everything else. Even simple rules, such as not leaving a laptop open for a spouse to use or prohibiting stir-crazy children from playing games on a company-issued phone, can help to ward off any accidental breaches.
With all these new safeguards in place, privacy issues now arise with your employees themselves. Increasing company privacy results in increased surveillance of employees, especially in their homes. In light of the new and broad privacy laws under the GDPR, CCPA, and NY SHIELD Law, companies need to be prepared to protect the privacy of their employees and promptly report and address any breaches. Any new data that companies collect based on their new WFH policies, whether it be IP addresses or video conference recordings, should be protected with reasonable safety measures.
Can Data Protection Concerns Be Managed From Home?
Having employees work from home can be beneficial for more than just complying with stay-at-home orders. The benefits of increased flexibility and productivity may well be worth the increased privacy and data protection risks, provided that the proper policies and safeguards are in place.
The information in this article is for educational purposes only so as to provide employers with a general understanding of the law. It should not be construed as providing specific legal advice, and you acknowledge that no attorney/client relationship exists between you or any third party and the author or publisher. This brief should not be used as a substitute for competent legal advice from a licensed data protection and cybersecurity lawyer in your state.