While technological developments over the last couple of decades have made this transition to remote working a relatively seamless one, it’s important to stay vigilant: working from home can increase risks to employee privacy and company security, making it a growing challenge for employers.
These are some of the main threats, along with suggestions on how to mitigate the risks:
Unsecured WiFi networks are, as the name implies, not safe. Public WiFi networks are usually unsecured and therefore susceptible to being breached by malicious parties spying on internet traffic and collecting confidential data. When working outside the office, employees should use a secured WiFi network (such as their home WiFi).
Company devices should be well equipped to deal with data security risks through the installation of as strong antivirus software, customised firewalls and automatic online backup tools. These features are essential to protect company data from being exposed to malware or being leaked or compromised. Personal electronic devices may not have the same security features that employers have installed on company devices, so employees should be discouraged from using personal computers for work purposes. If employees are allowed to use their own devices, a bring your own device (BYOD) policy should be implemented. A password policy should also be in place.
For more information about BYOD Policies please click [here].
Keep an eye out for “phishing” emails: these are email messages that will, at first glance, appear to have come from a familiar recipient. Phishing emails are used by cyber criminals to steal information such as personal data, bank details and access to accounts, and may lead to fraud and identity theft. Such attacks are usually targeted at specific individuals and are often not easy to detect. Employees should always check the sender’s email address is correct, especially if the email seems strange or suspicious – for instance if it contains poor grammar or spelling mistakes, or if an unusual request is made.
Employees should be encouraged to always use their work email address for work related emails, and their personal address for personal emails. In order to safeguard the employee’s privacy, company devices should not be used for personal and non-work-related matters.
Confidential information should never be saved locally on the employee’s desktop. Work-related data should be stored on a cloud-based server which has been verified by the company’s IT department. Employees should be aware of the company’s storage policies and know where and how to safely save their work, especially when working from home.
Employees should be trained to recognise a data breach. Even accidental losses of data or hardware may constitute a data breach that may need to be reported to the Information and Data Protection Commission. Companies should have a clear data breach policy in place, and employees should be familiar with its contents and know what to do if a breach is suspected.
The most effective way to ensure the mitigation of cybersecurity risks is to educate staff and create awareness about potential issues, their effects, and how to prevent them. The majority of data breaches are caused by simple human error. Companies should have clear, easy to understand policies and employees should receive regular training on their contents so that they are able to comply with company policy and recognise a risk as soon as possible.
The above is not to be construed as legal advice and only sets out our general views which may change when assessing specific circumstances.