Making Remote Working Safe And Effective For Your Business During COVID 19 Lockdown20th March 2020
The coronavirus, AKA COVID-19, is spreading at an alarming rate across the globe and throughout the UK. And so, accordingly, in efforts to slow the spread, hundreds of thousands, perhaps millions, of people are being sent home, or self-isolating – and working from the safety of their homes.
However, in what feels like a strange, dystopian, worldwide social experiment in remote working – many businesses, not yet prepared for such a setup – are left confused at laws, policies and remote working protocols. With many employers unsure of how to monitor, or motivate their employees from afar – It’s a learn-on-the-fly situation for some, and a potential cyber-security and legal minefield.
Here are some key points to help you navigate these difficult times;
Set in place remote working protocols
If your company has them in place, call employees attention to observe all normal remote working protocols. Send out up to date copies and have people sign and date it. If you don’t have one – the ICO policy is a good starting point as a temporary measure.
Provide clear channels of communication
Set up clear channels of communication between yourself and team members. Platforms like SharePoint, Teams, Slack and Gchat offer the perfect place to coordinate remote working, keeping everyone up-to-date and work flowing freely. Although private and sensitive data should only be sent and received through the appropriate and secured channels. Remember that if you identify a living individual within any email or instant messenger communication, those documents may fall within the scope of a Data Subject Access Request and may need to be provided to the person discussed.
Protect sensitive data
Advise employees that under no circumstances should they produce manual or electronic copies of files which will leave the secure environment. Also, no files or sensitive data should be sent or received via personal email accounts like Gmail, or through instant messages. The onus here is to remind staff to ask the question ‘would I do this in the workplace?’. The simple answer is, if they wouldn’t do it at work, don’t do it at home.
Remind staff of the dangers surrounding public wi-fi
Alert your staff to the dangers of using free public wi-fi, ensure they know not to use it under any circumstances. Connecting to free, or paid public wi-fi carries a huge risk. Company data is open to interception by third parties. Also, some wi-fi networks may be rogue and set up to harvest your business’s valuable data. Moreover, hackers can also utilise an unsecured wi-fi connection to distribute malware; and infected software can cause businesses financial disasters.
Work in public places is a no-go
Let your staff know not to engage in client work in cafes or on public transport. In these areas, sensitive files and laptop screens are open and vulnerable to observation by the people sitting around you.
Work devices and passwords not to be shared with family members
Be sure that workers know never to share devices or passwords with family members. While working from home for long periods, the lines between work and social life can become blurred. However, work devices and passwords should remain off-limits to friends and family.
Staff should practice decent cybersecurity ‘housekeeping’
Employees should be reminded not to access company systems without adequate firewalls and anti-virus software and security on all of their devices and if they suspect a breach report it immediately. All installed software must be kept up to date, and redundant software should be uninstalled. Adequate cybersecurity ‘housekeeping’ is imperative.
Employees should practice safe and secure video conferencing
Video conferences are brilliant for keeping up to date with clients, staff members, offering support, and alleviating potential loneliness and disconnect during this crisis. However, If staff are practicing video or audio conferencing, remind them to guarantee that it is secure, not overlooked/heard and NEVER to record without the knowledge and permission of the other party.
Alert your staff to monitoring
Remind your team that usual proportionate monitoring of communications and activities will take place. While you can’t go overboard with the ‘all-seeing eye’, mention to your staff that you will be aware of the work they are performing, and it’s not time to slack off and sleep or watch Netflix all day.
Regulators have warned companies not to perform excessive monitoring, and so a DPIA would be helpful to have in your back pocket in case of a complaint. A DPIA is a process designed to help you systematically examine, recognise and minimise the data protection risks of your projects or plans. It’s a crucial part of your GDPR accountability obligations. When undertaken properly, it serves to demonstrate how you comply with all of your data protection obligations.
Taking into account the interests of what you’re aiming to achieve, it helps you reduce risk, and conclude whether or not the level of risk is reasonable given the situations
Dealing with DSAR’s
Finally, ensure you have systems in place to deal with DSAR’s. By making a Data Subject Access Request, individuals can request all their “personal data”.
Create a protocol so that your business can respond quickly and efficiently. Having an agreed contract in place which describes the steps you will take to respond to a DSAR can be incredibly time-effective. A protocol should include an allocation of responsibilities and the actions required to comply with the request. Specific electronic platforms created to manage DSARs can be particularly useful. These platforms will usually have specific functionality to assist with carrying out redaction, running searches, and identifying relevant documents. However, always consult with your IT provider to ensure that their systems are fit for purpose.
We have put a small video together to help employers to deal with the remote situation. You can click here to view it with our compliments.
If you require any further advice, please visit our website or call us on +44 (0)1673 885533.