Top ITAD and Data Security Tips for Working Remotely During Covid-19
TOP ITAD AND DATA SECURITY TIPS FOR WORKING REMOTELY DURING COVID-19
For many companies, Covid-19 is forcing people to work from home or self-isolate for the first time. While necessary from a public health perspective, companies need to have proper processes in place to manage the transition from office to home working.
From a business perspective, one of the most influential aspects of Covid-19 pandemic is how it is forcing people to work from home. While many jobs may have facilitated such practices for one or two days per week, it is unprecedented that staff are being asked to remote work for longer periods, or in some cases, the foreseeable future.
Most large organizations will have pandemics or ‘Acts of God’ on their risk registers, yet the chances that they have an off-the-shelf action plan which will facilitate the immediate working from home for nearly all employees are unlikely.
While remote working will be vital to keep businesses operational, such emergency practices should not be implemented without a solid IT Asset Disposition (ITAD) and Data Protection policy
Here are our Top Four Tips for remote working.
- Adding devices to the asset register
Ideally, all employees should work remotely using company assets, such as laptops or tablets. However, such is the unprecedented nature of the Covid-19 pandemic, even companies that ordinarily offer corporate assets to their staff, may not – due to supply chains and a spike in the purchase of laptops – be in a position to provide devices.
If companies are allowing staff to use their own devices for work, these assets must be tagged and added to the company’s asset register. Failure to add such assets to the register may lead to devices falling foul of existing IT processes and procedures.
Typically, policies governing security (multi-factorial authentication, for example) are rolled out centrally and on known assets. Failure to implement such policies on all assets as they come on stream will lead such assets vulnerable.
- Pick your cloud provider carefully
A big winner from Covid-19 will be the increase in the use of cloud services by large tech companies such as Microsoft, Google, and Dropbox. Undoubtedly, they will be much used and will allow companies to keep the lights on.
However, selecting what cloud provider to use will be vital. Office 365, for example, allows users to access documents from a GDPR-compliant cloud-based server thus keeping the documents within GDPR legislation.
However, if a company allows staff to use personal cloud accounts or free accounts, the security of the documents from an audit perspective may come into doubt. Document owners need to be confident that files in circulation are accessed by and are stored in corporate libraries, and don’t end up on private machines synced on their desktops.
Therefore, before opening up the cloud to your staff, ensure that proper policies are in place regarding their correct usage.
- Avoid GDPR-related fines
While the EU has suspended rules requiring airlines to run most of their scheduled services or else forfeit landing slots, thus helping the industry in the eye of the Covid-19 storm, it is highly unlikely that it will ignore GDPR breaches which happened as a result of the pandemic.
Therefore, just because we are working in extraordinary times, it does not mean that we start ignoring GDPR in the belief that EU laws can be challenged successfully based on Covid-19.
It’s important that data and documents are classified centrally in order for employees to make a legal and informed decision as to what documents they can, or cannot, access on personal devices.
Therefore, GDPR policies that are in place must be adhered to for all staff regardless of where they are working. A data breach is still a data breach, Covid-19, or not.
- Data sanitization of personal assets
At some point in the future, Covid-19 will cease to be an issue and regular working practices will resume. And while the success or failure of remote working will be debited within boardrooms, just because employees have returned to their desks does not mean that they can forget about their experience of remote working.
If employees were using their personal devices while at home – and there is no need for them to do so again – all documents/data sitting on personal devices must be sanitized accordingly.
A policy must be in place, along with practical procedures for staff to ‘clean’ their devices, in order for companies not to be subjected to laws relating to data mismanagement or the possibility of sensitive corporate information remaining on personal devices.
Covid-19 will have a phenomenal influence on society as a whole. From travel restrictions to a ban on mass gatherings, it’s important that the risks that companies face are not further increased by a knee-jerk and badly thought-out response to facilitate remote working.