Healthy data habits for HR
By Sara Newman, Practice Lead and co-founder, Securys (www.securys.co.uk)
Many HR teams have been working remotely since March, so the England lockdown is just another day in the home office.
Taking this in our stride is one thing. But a lockdown is not a bad time to pause and consider work safety while we operate remotely.
We are diligently washing our hands, wearing masks and making space to protect ourselves and others from coronavirus. Precautions are also needed to protect our companies from privacy breaches, eavesdropping and human error.
Here’s a handy checklist to help your staff stay vigilant.
1/ Remind staff: this *is* your job
In normal times the office has a fire warden and a first aid officer, yet everyone naturally takes responsibility for avoiding fires and careless behaviour.
Similarly, remind your teams that every member of your staff is a data subject. It’s everyone’s role to protect employee data just as carefully as they protect client data.
2/ Home can be hectic – mitigate the risks
Many staff are in shared accommodation. Many have children at home. Many have curious pets whose paws wander across the keyboard given the chance.
Remind staff to lock their screen every time they jump up to make a coffee – it only takes a second for data to be accidentally emailed, tweeted, or lost at the wanton touch of a few keys.
3/ Shut it down – ahead of video conferencing
Many a privacy breach has occurred this year when a direct message popped up during a screenshare, or an open document was visible.
Regardless of which platform your teams are using, they should get into the habit of closing down all other activities before launching a video conference window. Make sure that the home screen is clear of all sensitive material and that all folders are closed.
4/ Who can hear? Keep work conversations private
A pair of noise-cancelling headphones should be standard kit for home workers, so that others in the house can’t, at the very least, hear a colleague’s end of the conversation. Staff should also switch off smart speakers and home assistants like Alexa and Siri when taking work calls, as standard practice – it’s essential to avoid even algorithms listening in.
5/ Beware the dangers of the printed word
If staff need to print documents, they must be careful that nobody in their shared space gets to the printer first or is able to view the documents. Sensitive printed material should be locked away when not in use, and securely destroyed as soon as possible.
6/ Put that thing away – keeping work devices safe
As home and work life continue to blend in lockdown, some things need to remain entirely separate. Staff should be locking their work laptops away at the end of the day, and week, and putting them somewhere safe. They are not for streaming the latest box set over the weekend, by staff, flatmates or children.
7/ Data drills – but fun
Fire drills remind staff of how to behave in a dangerous situation. Staff engagement around data privacy is important for similar reasons. Rather than slamming teams with policies and procedures, why not try something more interactive such as a quiz? With so many other challenges this year, data privacy might have dropped off the team meeting agenda. It’s vital that you find a place in their calendars to discuss it.
Securys (www.securys.co.uk) is a specialist data privacy consultancy with a difference. We’re not a law firm, but we employ lawyers. We’re not a cybersecurity business, but we’ve got CISSPs and CISAs on the staff. We’re not selling a one-size-fits-all tech product, but we’ve built proprietary tools and techniques that work with the class-leading GRC products to simplify and streamline the hardest tasks in assuring privacy. We’re corporate members of the IAPP, and all our staff are required to obtain one or more IAPP certifications. We’re ISO 27001-certified (and working towards ISO 27701) and have a comprehensive set of policies and frameworks to help our clients achieve and maintain certification. Above all, our relentless focus is on practical operational delivery of effective data privacy for all your stakeholders.
Our long and varied collective experience means we go wider and deeper than most. We understand that all businesses – particularly the financial, healthcare and resource extraction sectors – exist in a multi-dimensional regulatory environment. Each regulator has different priorities; sometimes these bring about real tensions between compliance workstreams. Our job is to understand the regulatory continuum and help our clients meet all of their compliance requirements efficiently and affordably. Practically, we’d say.