GDPR & How to Keep Your Data Safe When Remote Working
The number of people working remotely is rising, giving employees greater flexibility and freedom to work from any location. Whilst remote working has its benefits, it also heightens certain risks, and with the General Data Protection Regulation (GDPR) coming into force on 25th May 2018, firms should be looking at potential remote working vulnerabilities where sensitive data could be lost or exploited.
Let’s take a look at some of the top tips for keeping corporate data safe when working away from the office.
Public Wi-Fi networks are incredibly convenient and can be a great resource. However, they are also vulnerable to malicious attack. Even if you log in via VPN, the few seconds that it takes to connect will still be an opportunity for cyber-criminals to carry out an attack. Think carefully about whether you need to use public Wi-Fi, or whether your task can wait until you are connected to encrypted networks such as Virtual Private Network (VPN), Citrix, and Outlook Web Access (OWA).
Keep Your Equipment Safe
Leaving your device in plain view increases the risk of your property being stolen. You should always keep your devices within close proximity to your body or in a secure bag. Also, be aware of shoulder surfers, who may be looking at confidential information that is displayed on your screen.
Encrypt All Information
All portable devices should be strongly encrypted. When utilising public networks, the threat of other users from within or outside your network capturing your login credentials and emails increases drastically. Encrypting your data makes it unreadable and unusable to those lacking the necessary tools to unlock it.
Excellent Password Hygiene
Strong passwords will not only protect your devices and systems from being accessed if a mobile or laptop is lost or stolen, they also protect businesses from hackers. Good password hygiene includes using long passwords that mix character types, two-step authentication processes, and unique passwords for different systems and logins.
Ensure Up-to-Date Security Protection is in Place
Employees working remotely should have antivirus, device encryption, firewalls and web filtering all installed and updated on their laptops to ensure they’re as secure as possible.
Develop a Written Information Security Plan
Create and implement a Written Information Security Plan (WISP). A WISP is formal documentation of a firm’s plans and systems put in place to protect personal information and company-sensitive data. It includes both administrative and technical safeguards and identifies confidential information, where it is located, how it is protected, and who has access to it. Technical safeguards include an assessment of current policies such as penetration software and encryption, and technical policies like password changes and access control.
USB sticks and other removable devices can be a source of malware and should be checked before use. Not only that, they can easily be left behind in a coffee shop or on public transport, giving hackers a golden opportunity to steal data. Also, don’t allow anyone to plug a USB device into your device.
Find My Device
Switch on the “Find My Device” mode. This can help you locate a device if you accidentally leave it behind or it is stolen. Additionally, employee mobile devices that hold company information should include a mobile device management tool that allows the firm to remotely wipe the device if it is lost or stolen.