The world has slowed to a near standstill with the spread of COVID-19 and for many businesses, this means changing the way they work. With employees working from home when they can, it’s easy to assume that everything will carry on as normal. But what about information security and the stringent rules and regulations that guide and support your business?
Working from home is not always easy. There are many factors to consider, including how secure information is in someone’s home, what programs you’ll use to communicate and so on.
The lockdown has presented many app developers with golden opportunities to create and promote their communication apps even more. But concerns have been raised as to their security and privacy settings – can others from outside of your circle hack into or gain access to archived messages, documents and so on?
If there are breaches of security, under GDPR rules, where does a business stand? And what about ISO 27001? Does this standard provide the solutions?
Awareness and action
The key to ensuring that all reasonable steps are taken to keep commercially sensitive information, along with the personal data of staff and customers, secure during this period is raising awareness and taking action.
Anyone working from home should, as a matter of urgency, ensure that:
- Their Wi-Fi connection is secure – in other words, password protected.
- Passwords are secure – hard-to-guess passwords are essential, so now is the time to update your passwords not just on your PC or laptop, but on programs and other online platforms.
- They are critical of unsolicited emails, texts and other electronic messages – whilst the majority of the population come together as one, there are cybercriminals at work attempting to scam people. Make sure staff are extra vigilant and flag any concerns.
Work and personal devices
There is also the question of what devices employees will be using and who they belong to. As a business, you may have these devices already, but in some cases employees may be using their own phones or laptops during this working-from-home period.
Staff must understand the importance of keeping data and information safe, especially if other members of the household could see or access this data. The last thing your company needs at this already sensitive time is an accidental data breach because someone accidentally sent an email…
Backup, backup, backup
ISO 27001 compels a company to look at many different strands of information security, including what should and what needs to happen in the case of a data breach. We may be trading in extraordinary times, but this doesn’t mean that regulations are defunct or that the possibility of being fined for breaches and lapses of security is any less.
As a company, you are expected to do your very best to ensure that data is kept safe and secure, no matter where your staff work. Whilst this is paramount, so too is backing up data.
Staff who are currently working from home need to ensure that they are backing up data too, per the policies and procedures you have laid down. The question is, how will you monitor this?