In these challenging times, the Information Commissioner’s Office (ICO) has said, “companies that require employees to work remotely will still need to consider the same kind of security measures for home working that would be used in normal circumstances”.
This means that organisations have to review current data protection and operational risks to mitigate and create a secure remote working environment for employees.
Will you need to change existing processes?
Some business processes will be easier to move to remote working than others. The first thing to think about is understanding how each of your processes operate:
Which of your processes are either critical and/or high-risk?
Which processes require someone’s physical presence? (including any processes that are required to maintain your IT infrastructure)
Are any of your systems only accessible from the office, or only from specific IP addresses?
Do you have any processes that can’t be easily moved online e.g. paper-based processes?
If you haven’t already, we would suggest focusing on your critical and high-risk processes first, identifying and mapping where the biggest problems can occur and what will cause the biggest impact.
What equipment is required for remote working?
When considering remote working for your employees, you need to identify what hardware is required for each individual to work from home successfully.
They will most likely need:
Secure authentication devices
Not all employees will have access to everything they may need when remote working.
It’s extremely important to understand that domestic equipment, such as household wifi routers, affect information security and data protection. Understanding the risks can help you provide your employees with the right information to deal with these risks.
Could sensitive data be at risk?
Households can be accessed by all sorts of people that wouldn’t have access to your office, so it’s important to assess the risks:
Does anyone who has access to the household have a criminal record e.g. fraud?
Will remote workers be sharing equipment, such as laptops, with other residents of the household?
What you will most likely find is each individual will have different risks associated with them. Here, you can consider whether an individual will require any additional training or equipment to successfully work remotely and keep your company data secure.
What new technology might you need to introduce?
Enforcing remote working means it’s highly likely you will have to increase your teleconference and videoconferencing capacity. You can do this by introducing new software such as Microsoft Teams.
To help you think through the challenges associated with switching from face-to-face to virtual meetings, carry out a Data Protection Impact Assessment (DPIA) – this will also assess the data protection risks.
Consider the following:
The ways that employees will share information with each other
Who will need the ability to access video or phone conference calls? How will you limit access when required etc.?
Will you need to provide support for installing and using the new software? If so, how will you provide this?
How will you manage staff who are working from home?
Whether remote working is an occasional requirement for self-isolation or a new regular working pattern for some or all parts of your organisation, data protection laws should be seen as a necessary practice to ensure your organisation and employees are kept as safe as possible, no matter what their working environment is.
At The One Point, we can provide you with the guidance and confidence you are looking for when it comes to transitioning to a remote workforce.
We can provide you with hardware, software and 24/7 support, to ensure you can carry on ‘business-as-usual’, regardless of where your employees are working.
Talk to a member of The One Point’s award-winning team today on 01482 420150, or visit the website for more information: theonepoint.co.uk