Due to COVID-19, more people than ever are now working remotely. While the psychological impacts of these changes have been discussed, we haven’t yet explored the impact of these changes on data and privacy. For many businesses, this is unchartered territory, and they may not have the policies in place to manage the transition.
Protecting data has never been more important
Your business will have a large amount of confidential data that is now exposed to new security breaches simply because it’s being accessed outside of your usual IT environment.
Home devices and Wi-Fi systems generally don’t have the same rigorous security measures office IT infrastructures have. Data security and privacy are just as important in this new environment, if not more so than before.
A business’ data is one of its most valuable assets. It’s the fountain of knowledge on which the business operates. It includes important information such as customer details, product information, strategies, personnel data and more. This precious business asset has never been exposed to potential risks in such a manner before. It is therefore crucial that those who use and manage it, do so securely.
Consequently, we need new policies and procedures created in conjunction with IT and HR, to educate employees to ensure they understand and practice them.
Cyber security risks
Accidents happen. Employees might use personal data storage systems such as a personal Dropbox account to transfer large amounts of data for work. While this is seemingly innocent behaviour, it could create a plethora of issues for employers should the data be breached or the employee leaves the organisation, with all this valuable information still stored in their personal accounts.
Then there’s the matter of dealing with cyber attacks. While not explicitly the responsibility of HR policies and guidelines, a computer virus can impact the entire organisation and put all your data at risk. Every employee should have encryption available for sensitive information as well as up-to-date anti-virus and malware software installed on their devices.
Using best practice around personal information
Personal employee information needs to be protected – just like all the other confidential data in the business. To ensure this data stays secure, teams accessing it from home should do so over secure connections.
The Office of the Australian Information Commissioner’s (OAIC) website sets out good practise guidelines for businesses dealing with the personal information of employees. The Australian Privacy Principles (APP), while not a requirement for all businesses, sets out best practice guidelines for managing personal information.
Managing online meeting and chat systems
The news of Zoom Bombing (unwelcome guests dropping into private Zoom meetings) caused a grin or two. However, for many businesses, this represents a further risk – both in terms of IT breaches and the risk of reputational damage.
Some chat systems could be open to similar issues. Ensuring secure systems are used (and in the case of Zoom, passwords are used for online meetings) can help reduce some of these risks. It’s essential to ensure that secure platforms and processes are in place and that employees are aware of and practice those processes.
Set out and communicate expectations
To protect your business, have a policy that clearly sets out expectations regarding data security and privacy. Then educate and inform your employees about the importance of data protection.
If you have questions about how to create practical and useful policies around data security and privacy, give us a call. Together we can create the policies and procedures you need to ensure your data remains safe and employees are aware of their obligations.