Chances are you or people close to you are working remotely to help contain COVID-19. Working away from the office and within the comfort of your own home is a great way to avoid crowds, distance yourself socially from co-workers, and continue to do the work you do.
Small businesses and new organizations with fewer resources, less data, and smaller workforces can keep things simpler than those in highly-regulated industries. Think about what is reasonable for your organization and what steps will give you the best return. For those employers who are instituting remote workplaces, here are some tips and best practices from a data privacy perspective:
- Inventory your hardware: Consider requiring your staff to utilize company-issued devices that are already configured with appropriate security protocols. This is especially important for staff that require access to sensitive information to do their jobs. Let your staff know that friends and family cannot use company-issued devices.
- Implement appropriate security practices: Consider a VPN if your staff has remote access to sensitive information such as social security numbers, financial information, or other regulated information. Make sure the devices are encrypted if appropriate. Discourage the use of public wi-fi networks, and teach your staff to use complex passwords.
- Reduce access to sensitive information: Configure role-based access to allow staff to see only the minimum information necessary for them to do their jobs. Consider modifying job roles on a temporary basis to avoid access to sensitive information.
- Address lost or damaged devices promptly: Teach your staff common-sense practices like keeping track of their devices and not leaving them unattended. If a device is lost or damaged, tell your staff how to contact you.
- Check your overall compliance plans: Working remotely will increase certain risks to your organization and decrease other risks. Make sure your employment, security, privacy, and other compliance plans are up-to-date to account for these rapidly-changing circumstances.
If you have any questions about these things or would like to learn more about how to keep your company’s data safe and secure during this extraordinary period, feel free to reach out, [email protected].