Data Protection: 10 tips to protect data when working from home
Following Data Protection Day on 28th January, and for many of us, our way of working has changed drastically over the last ten months, there’s no better time to talk about the importance of data protection protocols and the steps you can take to improve your processes while working from home.
For the majority of office workers in the UK, our working days have transformed significantly since March 2020 – not just in terms of the commute but also in terms of the devices we are using. Company-owned desktops and laptops were primarily being used by employees before, now many are using their own devices to store and input confidential business information. Depending on the device and software you and your employees are using to work from home, there are different risks to consider:
a. Company-owned devices are the most secure and generally offer the highest level of protection but businesses should;
- Ensure that these devices can be updated remotely.
- Put measures in place to prevent data from being extracted from the device, e.g., data loss prevention technology.
- Use multi-factor authentication for remote access.
b. Personal devices come with additional security risks and businesses should ensure that employees are;
- Using multi-factor authentication for remote access.
- Keeping personal and business data separate; employees should not be able to accidentally or deliberately move data into personal storage.
- Keeping security software or operating systems up to date.
Here are 10 steps to increase data protection when working from home;
1. IT Support – when working remotely, it’s especially important to have your IT department’s contact details on hand. This ensures that you can quickly notify them if any company or personal equipment containing company data is stolen, lost, or breached.
2. Follow company policy – your organisation will have protocols in place to ensure that data is adequately protected. Remember to follow these when working from home and avoid the more convenient, but less secure, route of sending emails from your personal account for example.
3. Use company software – if you are provided with hardware or software from your company, you should use this. They will have added protection in place and provide the best protection for data.
4. Keep it confidential – while working from home and sharing the same space with friends and/or family members, where possible try to hold conversations in a place you are less likely to be overheard and position your screen so that it is not visible to others.
5. Beware of phishing – be especially vigilant when opening emails or links from a potentially untrustworthy source. Phishing attacks are commonly used by cybercriminals to trick users into sharing personal information, passwords and credit card details.
6. Use your VPN – businesses will typically use a Virtual Private Network (VPN) to create a secure connection to your organisation’s data while using the internet. These will most likely be in place as a password enabled or token system.
7. Back it up – data backups are an essential process to ensure that data is protected elsewhere in the event of loss or corruption. If you are unsure about what you need to back up data, or how to do it – contact your IT department.
8. Strong passwords – a simple yet effective method to protect against infiltration whether using online storage, software, or personal devices is to use strong passwords which are hard to guess. The National Security Council (NSC) recommends using three random words together and be sure to use different passwords for different services.
9. Keep software up to date – when using equipment, whether it’s your own or company owned – always ensure that the security software is up to date. Allowing updates to be installed reduces the risk of a successful cyber-attack by criminals.
10. Secure communications –use communication tools provided by your organisation. If you need to share data with others internally – choose a secure messaging application or document sharing system. If you are using email, which can be unsecure, consider adding password protection to documents and sharing these passwords using a secure messaging channel.
Whilst the educational information above can help protect data and prevent breaches, no individual or business can be 100% certain that they won’t be the next target for a cyber breach.
Source: NMU, a Munich Re Company