To start with the box ticking element of this, your internal documentation should include an information security policy and included in that should be the information security precautions when working from home.
So, what is information security? Its all of the rules and processes that help keep the information in your company safe, secure and confidential. Sometimes this is so that you can protect your clients information safe and secure. It can also protect things like: your own intellectual property, your supply chain information, your professional support network, etc.
When at your normal place of work your standard policies and procedures will obviously work fine, but what about when you cannot work there and have to work from home?
Examine Your New Environment
Your environment at home, or at your alternative working location, will, of course, be very different. There will not, necessarily, be a dedicated private work space, the furniture will be different and there could well be an unprecedented reliance on additional cabling and strain on broadband.
Your router, and broadband package, will need to be robust enough to cope with any additional anticipated demand if your alternative workplace is your home. If your alternative location is within an open plan facility much of your reliance on cabling will be resolved but additional precautions will be needed to ensure your use of the shared signal is appropriately segregated and secured.
Physical steps for Information Security
Some FAQ’s for you to ponder (including where you are working at home)….
Where should you place your device that you will use as your workstation?
Not such an easy thing to answer and this is something that will be very personal but can be vitally important if you access confidential, or sensitive information.
Try and put it somewhere where it cannot be seen through a window or overlooked by anyone else.
If it can be overlooked use a privacy screen.
If you don’t have a privacy screen and are unsure about the trustworthiness of those around you think about using a confidentiality agreement. It may seem extreme but there are some very unscrupulous people out there.
Should you print anything while away from your normal workplace?
For me this is an easy one. If you can file paperwork at your alternative location to the same standard mentioned in your information security policy, then there’s no problem, print away.
For many that will not be possible, so my personal preference is only to print that which is not personal, confidential, or sensitive unless it is absolutely necessary.
Do I really have to lock everything away?
Unfortunately, this is where the regulatory framework kicks in and it really is up to you what risks you take.
If you cannot do when working away from your normal workplace, what you do must be in your information security policy. This can be as brief as to say something like “All sensitive documents printed in a remote location will be destroyed at the end of the working day”.
Technical steps for Information Security
If you need to use a temporary device, like a laptop, in your alternative working location (including where you are working at home), you will also need to consider whether its security measures match those in your normal one.
So think about things like these:
- Does it have the same, or equivalent, anti-virus software?
- Does it have the screen locked after a period of not being used?
- Does it have a password, or other security system, to allow someone to unlock. Or log onto, the device?
Some more FAQ’s for you…
What can I do if I can’t print?
This is all down to personal preference in the first place, however, information can be sent as a picture, or a pdf document relatively securely.
Do not send information as an Excel file, or word document, unless you have added password protection to both open and edit the file (and of course they must be different).
How can I get anti-virus added to my device?
Look at the package you have for your main device(s). It is entirely possible that you can add more, free of charge, or even transfer the license from one device to another.
How can I guarantee a secure internet connection?
Again, this is one of these awkward questions as there are so many variables to provide an answer. Here are some of the common ones.
If you are in a shared house and have good data provision on your mobile phone, use the VPN (the hotspot in your phones settings) to connect to the internet. You may even find that you have faster connectivity, especially if there’s gamers in other rooms of the property.
When you set up your router at home, you would have a choice to set it up with a password, or not (setting up with a password should have been recommended in the set-up process). If you chose not to create one in the first place set your router up again.
If you are in a shared office space make sure that you are apportioned an appropriate segment of the internet available and that the password is sufficiently complex to be secure (commonly a mixture of uppercase, lower case, and special characters, as well as numbers) and that is it controlled appropriately.
So many, so called requirements, are down to choice and the risks you are willing to take when working at home, or some other alternative location. I had a brief stay in hospital recently and I made arrangements for my laptop to be brought to me.
All I did was administrative tasks and reviewing marketing and social media activity. It kept me visible and relevant with low risk of exposure to personal, sensitive, or personal information as all connections to such data are password protected through linked applications, which were signed out of during my stay. These actions relay my attitude to risk, however, we are not the same. My role is to inform, advise and implement what the clients decides and I can work with those with different risk appetites to my own.
There is so much more information available, some of it even more detailed than this. Please look through the other blogs and see if the information you want is provided.
- https://eyebray.com/gdpr-the-basics/ : This contains some considerations when thinking about how to comply with data protection rules.
- https://eyebray.com/why-is-gdpr-necessary/ : This is a look at why data protection regulations have reached their current format.
If not, we would be pleased to answer your enquiry through sending an email to email@example.com, or by calling 0743211611.