Data, confidentiality, and managing WFH risks

The rise of Working From Home and flexible working has caused many business leaders (as many as 86% in a recent survey) to worry about employees compromising their business data.

This has long been a concern for businesses with multiple locations too. But, as many business leaders have also found, data and confidentiality are risks that can be easily managed with a remote workforce.

It does take proper planning though. Here are some of the systems and practices you can use to make working from home and multiple location businesses no riskier for your data than working in the same office used to be.

How to manage data protection with a remote workforce

1) Cover the basics

Many businesses that offer flexible working conditions for their team fall at the first hurdle. Organisations that successfully – and safely – have teams working remotely take ownership of how they do it, including:

  • Firewalls, antivirus, and malware protection – should be installed systematically on every employee’s devices as standard, including mobile phones and tablets used for work.
  • Device management – a remote wipe capability can help with lost or stolen device concerns and much more. Mobile device management platforms are readily available.
  • Tech support – your Managed Service Provider or internal IT department should be ready to provide technical support. This ensures your team members aren’t tempted to tackle problems themselves.
  • Password security – a running joke in some companies, don’t let password security be treated lightly in yours. Institute the use of password management tools and talk to your team about strong passwords.
  • Lines of reporting and communication – every team member should know what to do in the event of a data breach or data-related questions or issues. Make sure they know who to report to and why it’s important to do so.

2) Educate and establish practices

The weak link in the cybersecurity of most organisations is the human one. Of course, this is understandable – no one becomes a cybersecurity expert “naturally” or overnight.

This makes team training and education perhaps the most critical aspect of business data protection no matter where your team is working, meaning you should:

  1. Set your remote working policy – cover all aspects of device management and data protection steps to take. It’s best to do this as soon as possible – before bad habits and working practices have already become ingrained.
  2. Review it regularly – don’t let your Bring Your Own Device and other remote working data-related policies age out. Technology advances regularly. So should your policies.
  3. Discuss data with your team – your team may not understand the importance of your company’s data. Again, team training is vital to make sure all employees understand the how – and just as importantly – the why of cybersecurity.

3) Secure and encrypt

Make cybersecurity a priority for your business if you want to protect your data and your business from the dangers and costs of cybercrime:

  • Use VPNs – the whole point of remote working is to give your team flexibility and let them work the way they prefer, keeping them loyal and engaged. Choosing the right VPN (Virtual Private Network) ensures they can keep working from their favourite coffee shop without issue.
  • Use Two-Factor Authentication (2FA) – requiring two factors (a password plus SMS-sent code, for example) to log in should be the minimum standard for all organisations. In fact, even SMS codes are now behind the times. Make sure you have full Multi-Factor Authentication in place.
  • Consider encryption software – encrypting communications is a smart way to protect your data. Leading platforms encrypt as standard. For example, Microsoft 365 and Google Workspace encrypt data at rest and in transit and use a variety of strong encryption protocols and standards.

4) Protect data at rest and in transit

All organisations need to consider how their data is stored as well as how it is transported.

This can mean physically transported (data stored on USB sticks, for instance, should be encrypted). But it’s more likely to refer to data that’s sent or stored digitally.

Remember that storing data also counts as a data processing activity as far as GDPR (General Data Protection Regulation) goes. This means you need proper policies and processes in place for the retention and destruction of both physical and digital copies of data employees might have at home.

5) Explain how to guarantee privacy

Ensuring privacy in shared or public environments should be a major concern for businesses with remote working employees.

Again though, this doesn’t have to be a danger as long as your team understands how to work safely and effectively no matter where they are. Make sure to train them in things like:

  • How to secure devices when not in use – especially in public settings
  • How to ensure confidentiality when on the phone or virtual conferences
  • The importance of privacy screening in public or communal areas

Data, confidentiality, and managing risks Working From Home

Offering your team the benefits of remote working – and simultaneously letting your organisation benefit from the powerful recruitment tool this is – doesn’t need to mean risking your company’s data.

But you do need to make sure you have the right systems and policies in place to educate your team and make your distributed and remote working processes cybersecure.

Want to make sure your team are Working From Home safely?

Let’s talk. Dial A Geek has already helped nearly 1000 businesses in and around Bristol with their cybersecurity.

Setup a cost and commitment-free chat with Chief Geek Gildas Jones and go through how to protect your business today.

ALL ARTICLES