Data Protection and Working from Home: Tips to Work Securely
Many people are now enjoying working from home, whether full-time or hybrid working. Whilst this has provided companies and employees with more flexibility, it has also proved to be a challenge to data protection. However, by taking the right steps you can remain compliant with GDPR when working from home, by utilising the right equipment and maintaining good processes.
Only Use Company Approved Technology
When working from home, it’s best to use technology that has been provided for you by the company for work matters. This includes your laptop or PC, as well as your phone. If your work has approved you to use your own devices, you should ensure they are properly password protected with multi-factor authentication to access work documents and emails. You should also ensure you keep your personal files separate from work files.
Ideally, you’ll use devices given to you by your organisation, as these should have the best security software, such as antivirus and antimalware programmes that you might not have on your own devices. They should also be kept up to date by the company’s IT team to ensure they’re always protected with the latest security measures.
Use a Home Shredder for Confidential Documents
A home paper shredder is essential for your home office if you’ll be handling confidential documents that will need to be disposed of. There are all sorts of documents that you might print out at home that could contain confidential information, including meeting agendas, CVs, payroll information and contracts. They could all contain information about the company, employees, and customers, such as contact details and bank account details, that would cause a data breach if they weren’t disposed of properly. If you deal with paperwork at home, a home paper shredder will mean you can safely dispose of any documents. Our home paper shredders are super quiet and have a P4 cross-cut security level to ensure your documents can be disposed of properly.
Remember, handwritten notes should also be disposed of securely. If you make a note of someone’s phone number or email address, this is confidential information that shouldn’t be shared with others, including putting it into the general waste bin or recycling. You should shred the paper or store it safely until it can be disposed of properly.
Follow Your Organisation’s Policies for Handling Data
Your company should already have policies in place for data protection. These will apply at home in the same way they apply in the office, so you should follow the same processes for handling data wherever you’re working from. It may be tempting to do things in a more “convenient” way when you’re working from home, such as using your personal email for work matters. However, you should always use the usual software and methods put forward by your business.
You should receive training from your employer on how to securely handle data, so you’re maintaining GDPR compliance when working from home. If you’re not sure what you should do to avoid a data breach when remote working, you should speak to your Data Protection Officer or IT security team for guidance.
Share Data Securely
If you have to send documents or files when you’re working from home, you should only use secure methods. It might be that you work from a secure remote server to access work files, or perhaps your company uses cloud storage. Make sure you understand which method your company has deemed safe to share documents when you’re working from home.
Email isn’t always the most secure method to share data. However, if this is the preferred method by your company, you can use password protection to send documents. This is a good practice to employ for any documents that contain confidential data – just send one with the password-protected document and send the password separately via a different method, for example, via your work messaging app.
Establish a Secure Zone for Phone Calls
If you will be working from home when other people will be home, you should find an area where you can confidentially hold phone calls and video meetings. If you’ll be discussing private information, you’ll want to avoid anyone overhearing you. If you share a home office, you may have to take phone calls elsewhere, or work with your officemate to schedule confidential calls for times when they’ll be taking a break.
Set Up Your Workstation Correctly
When you’re setting up your workstation, you should consider privacy. Your screen shouldn’t be overlooked by anyone, so you may need to position it away from the door, window, or from anyone else’s desk if you share a home office. If it’s difficult to set up your screens so they can’t be viewed, you should be able to request a privacy shield from your company. This will mean your screen can only be viewed if you’re sat directly in front of it. You should also position any paperwork that has confidential information so it can’t be viewed by anyone else.
If you step away from your workstation, you should lock your PC so it can’t be accessed or viewed by anyone. You should also clear away any paperwork from your desk and file or lock it away. Even your family members count as third parties, so if they see any confidential information it would count as a data breach.
Tidy Up at the End of Every Day
When you finish work for the day, you should take some time to tidy your workstation, so all confidential information is secured. This would include shutting down your PC and filing away any documents. You may need to lock away paperwork that contains confidential information, perhaps just by locking the door to your home office, or by putting them in a secure, lockable box if you don’t have a separate room for your home office.
You shouldn’t leave any documents out on your desk and your PC or laptop should not be accessible by anyone else. You shouldn’t share the password that’s required to access your work documents with anyone else.
Be Vigilant Online
You should be just as vigilant online when working from home as you are when you work in the office. You should be aware of phishing emails and scams. Often, these can look like legitimate emails, even appearing to look like they come from a colleague or supplier. However, you should check them carefully and don’t click any links or download any files if you think something looks wrong. If you’re unsure about an email, you should contact your IT Security Team so they can check it over.
You should also be wary of downloading anything from websites. This can allow hackers to access your network and confidential information. Don’t download anything from unfamiliar websites. If a client or supplier has asked you to download something, you should first verify their details. If you’re still unsure, you should speak to your IT Security Team before you download anything.
Report Any Incidents
If any data breaches occur, you should always report them, no matter how small you think it may be. You should let your IT Team know, as well as your Data Protection Officer if your company has one. They will be able to investigate what happened and take the necessary steps to limit the breach. They may also need to create and implement new policies to ensure it doesn’t happen again. They will also be able to report it to the necessary governing bodies that deal with information security.
Leitz has a range of home office essentials to help you stay productive and organised when working from home.
Read more about data protection and our paper shredders: