“Lockdown” related data security risks have soared
The dramatic and unplanned surge in UK home working during the coronavirus “lockdown” has significantly increased the risk of businesses suffering data security breaches, says Fox & Partners, the law firm.
The Information Commissioner’s Office has stated that employers should consider the same kinds of security measures for homeworking that they would under normal circumstances. This must be considered a priority since businesses may still be liable for the actions of an employee if a data breach occurs as a result of remote working*. If a data breach occurs and the organisation affected did not follow the correct procedures, the ICO may still impose appropriate financial penalties**.
Simple steps to reduce risk of data security breaches
Fox & Partners has outlined five simple steps businesses can take to reduce the risk of a data security breach whilst employees work from home.
- Implementing code names for clients and projects
Businesses that deal with sensitive information could implement code names for particular clients or projects in order to retain anonymity. This is particularly important in regulated industries where confidentiality obligations extend beyond the protections for personal data required by GDPR.
- Properly password protect devices and enforce lock screen policy
Many people working from home may be using the family computer and are, therefore, likely to be breaking company rules over password protection. Companies should make employees aware of password requirements, check that they are following any Bring Your Own Device policy and enforce locked screen policies when computers are unattended.
- Ensure cloud connected software is properly set up
As businesses have rushed to set up cloud computing connectivity, many of those networks may not have been properly secured. There is an increased likelihood an employee may accidentally send a confidential document to their neighbours’ printer or a public server. It is therefore crucial that companies ensure their online systems are properly set up and connected to the correct users.
- Packing away or shredding confidential documents
As is protocol in any office environment, it is vital that paper documents containing confidential information or personal data are stored away or shredded at the end of each day. With families and housemates close by, and now an increased number of video calls allowing us to look into people’s homes, there are greater opportunities for data to be inadvertently shared and leaked.
- Employees should be made aware of the revised data security strategy
Many companies and their employees may not have implemented processes of remote working before now. It is essential for businesses to advise workers on their data security strategy and to be aware of the conditions under which their employees are currently working.
Caroline Field, Partner at Fox & Partners, says: “Suddenly shifting almost all UK office workers to home working is completely uncharted territory in terms of data security.”
“Even if, as we hope, the ICO is more lenient on fines there are serious financial consequences if a business suffers a data breach.”
Eleanor Diamond, Associate at Fox & Partners, adds: “We have already seen a host of scams where criminals are taking advantage of the crisis and we expect these to grow in scale. Businesses need to be alert to that.”
*The recent Morrisons case only held that the employer was not “vicariously liable” for the illegal actions of its employee that were unrelated to his duties at work and pursued to deliberately harm his employer.
**Normally these could be as much as €20m or 4% of total annual worldwide turnover. However, during the crisis the ICO has said it will consider the “affordability” of the fines it imposes.