Whilst the Information Commissioner’s Office (ICO) has acknowledged the need for more flexibility during this time of national emergency, it is accepted that businesses should be doing all that they can to meet the GDPR and Data Protection Act regulations, which are set out to protect employees, customers and any data that they process or manage. The bottom line is that whilst the ICO will consider mitigating circumstances for data breaches, the rules regarding data privacy still apply.
Here we look at some of the measures that you can take in order to protect yourself, prevent breaches and avoid the hefty fines in your new working environment:
- Treat and handle data using the same processes as you would at work, but take a moment to consider additional weak points that your remote working environment might present. Do you share a workspace with a family member, and are they privy to telephone calls that could expose personal data? Could taking calls in a separate room be viable? Remember to lock all devices when you move away from your screen and to shut down securely at the end of the working day. Adhere to the storage and other data protection precautions that your employer has put in place, for example deleting downloaded documents from your PC’s Downloads folder and saving them in a secure area on your work server.
- A solid workplace IT infrastructure will have a server firewall in place as well as an individual firewall on your work PC. These firewalls act as barriers to third parties accessing sensitive client documents and data. It is unlikely that your home firewall is as effective, so it is vital you take steps to make sure that you are secure in other ways; be stringent about updating operating systems and programs to the latest versions. Hackers are relentless in finding weaknesses in software which will allow them a ‘route in’. By making sure that you are running the latest version, you will limit exposure to new vulnerabilities that can be easily exploited. The same applies for any anti-virus software you are running – do not let it lapse, keep it updated.
- Change your router password and configure WiFi encryption. It is commonplace to keep router settings at their factory defaults. However, these passwords are not only very weak but often available on the dark web. Cybercriminals can write the passcodes into malware which then captures your router and turns it into a ‘bot’ used to carry out unauthorised activity and security attacks. Encrypted WiFi will prevent a third party from taking up residence in your connection and remove the opportunity to intercept everything you do online, including entering passwords and personal data.
- Set secure passwords and do not share them – even with members of your own family. It may be tempting to give login access to family members who are sharing the same device, but avoid this. Set other users up with their own login details and profiles. Create strong passwords of at least 11 characters using a combination of upper and lowercase letters, numbers, and symbols. Never use the same password for more than one account, consider two-factor authentication where possible and use a password generator to create unique passwords. Use a secure password manager to avoid writing passwords down. Checking that you don’t use any of the passwords which appear on this list is a worthwhile exercise. An interesting stat for you: a nine-character password will take five days to break, 10-character words take four months, and 11-character passwords take 10 years. Choose your password carefully.
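The password rules above (at least 11 characters, mixed character classes, not on a common-password list, never reused across accounts) can be checked automatically. The example below is added here and is not Controlaccount’s code; the common-password list and the account data it uses are small constructed stand-ins for the real list the post refers to and for your own saved logins.

```python
import string

# Constructed stand-in for the published list of commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "password1"}

MIN_LENGTH = 11  # the post's recommended minimum length


def password_issues(pw):
    """Return the policy rules a password fails; an empty list means it passes."""
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.islower() for c in pw):
        issues.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        issues.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        issues.append("no digit")
    if not any(c in string.punctuation for c in pw):
        issues.append("no symbol")
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("appears on the common-password list")
    return issues


def reused_password_groups(accounts):
    """Given {account_name: password}, return groups of accounts that share a
    password. The passwords themselves are not returned, so the report can be
    shown without exposing them."""
    by_password = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)


# Constructed sample logins (not real credentials) to run the checks over.
SAMPLE_ACCOUNTS = {
    "email": "Tr0ub4dor&3x",
    "bank": "Tr0ub4dor&3x",   # same password as the email account: reuse
    "shop": "password1",      # short, no uppercase, no symbol, on the common list
}

if __name__ == "__main__":
    for name, pw in SAMPLE_ACCOUNTS.items():
        print(name, password_issues(pw) or "OK")
    print("accounts sharing a password:", reused_password_groups(SAMPLE_ACCOUNTS))
```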
- Use encryption where possible – encryption is the process of converting data and information into random code to prevent unauthorised access. (A hacker will still be able to access the data, but all they will see is encrypted text.) To unscramble this code, you will need the encryption key. If your PC runs Windows, you can encrypt your hard drive using BitLocker Drive Encryption. As well as protecting the start-up process, you can also protect individual documents this way.
- You may have to keep hard copies of documents at home, and some of these may contain sensitive information. We would encourage you to consider storing these in a locked drawer or briefcase and making sure that they are destroyed when no longer needed. (Please remember not to just dispose of them in your domestic recycling!)
- Consider a secure area where your clients and suppliers can exchange information with you. This could be via a secure FTP link directly to your server or by creating a unique client portal, such as Controlaccount’s ClientWeb, which allows all our clients to transfer any information via a totally secure portal that is active 24-7. See our demo here.
Controlaccount provides a range of outsourced services to large multinational companies and SMEs. Should you have any questions relating to IT, database build and development issues or require some information regarding our other business services, please do not hesitate to get in touch on 01527 549 522 or by sending us an email here.
Among our accreditations, Controlaccount holds ISO 27001, which acts as an assurance to our clients and partners of our commitment to Information Security Management. Controlaccount is a registered data controller with the Information Commissioner’s Office.