Working from home.
Securely and with clear rules.
Remote working needs to be effectively managed. Not only by each employee working from home, but also by the company itself. When establishing protocols for working from home, employers must comply with essential legal data protection aspects according to Article 4 No.7 of the GDPR and must ensure data protection outside the facility through appropriate technical and organisational measures.
As a data protection expert with years of experience, REISSWOLF knows what needs to be considered when handling data and has prepared a short list for you containing important checkpoints – for coordinated establishment of home offices, good digital collaboration and satisfied employees.
- General guidelines and rules for working from home help your employees to orientate themselves. For example, they know how company documents must be handled, whom to turn to if they have technical issues, and who their contact person is with regard to data protection, so that any questions can be clarified quickly and directly.
- With short inductions, accompanied audits or brief information sessions, your employees can refresh their knowledge regarding data protection, developing a better understanding of the necessary processes, procedures or tools when working from home. In addition, this induction can be recorded as verification. By the way: you can read more about the cases and work situations in which particularly sensitive data can be processed in Article 9 of the GDPR.
Premises and work environment
- You can actively support your employees with tips for the ideal home office set-up or a non-observable workspace.
- Lockable cupboards enable employees to securely store laptops, computers, tablets, mobile phones, USB sticks and printed documents or files, if they cannot set up a lockable home office.
- Privacy filters protect against unauthorised people viewing employees’ monitors if the home office is shared with other people. In addition, locking the computer screen helps protect against unwanted viewing.
- Confidential telephone calls should not be held in rooms with open windows, in gardens or in the presence of unauthorised people.
Documents and files
- As it is not (yet) possible to use or depict all work processes completely digitally, clear regulations help employees to handle files and documents in paper form when working from home.
- On the way to or from the home office, opaque folders or lockable briefcases protect sensitive documents.
- A no-print policy and the deliberate avoidance of printers in the home office can be devised and specified. Often, however, this is not sufficient and private printers are used regardless. Here, precise details are required regarding how printed company documents are to be handled, and how the data stored on printers is to be removed.
- Shredders placed over rubbish bins can in theory comply with data protection requirements, provided the particle size and operation are appropriate. However, the devices often fail in practice owing to technical faults caused by overuse, or to dust and noise emissions.
- Printed documents or handwritten notes containing sensitive data must also be safely destroyed in the home office as soon as they are no longer required. Here, it is useful to collect company documents centrally, for example in the REISSWOLF Homeoffice. Box., in order to be able to transport them simply and directly to the certified destruction process.
The REISSWOLF Homeoffice. Box. allows employees working from home to centrally collect sensitive documents and send them to REISSWOLF to be destroyed in a GDPR-compliant manner.
You can also order certified document and data destruction for your office rooms with just a few clicks. At a fixed monthly price. With the best possible data protection, maximum transparency and optimal scheduling.
Important information from the Federal Office for Information Security (www.bsi.bund.de):
If employees are unable to properly dispose of data storage media and documents, they are thrown into household rubbish or disposed of while travelling. This allows unauthorised third parties to access valuable information. Documents containing sensitive information must therefore be able to be destroyed securely, including when working from home or travelling.
Server access and software
- While working from home, sensitive data should only be processed using provided or approved software. Use a list to inform your employees which software is permitted for use and whom they can contact in order to install this software.
- Sensitive files can be protected with passwords, so that only employees who have the password have access. This is a good way of limiting access and avoiding hacking.
- While working from home, private email addresses may not be used to carry out company work. For accessing employees’ own company emails, a secure browser application or a locally installed web mailer may be used.
- Secure passwords protect email accounts, WLAN connections and sensitive documents while working from home. Here, it must be ensured that the password does not contain any personal user data (such as the last name), is at least 12 characters long, contains special characters, upper- and lower-case letters and numbers, and that different passwords are used for different accounts.
- A separate system should be provided for data storage and data backup, and usernames and passwords should be assigned. This allows you to precisely define who has access, for example using two-factor authentication.
- A reminder to regularly store locally processed data protects against possible loss of data. Regular updates guarantee additional protection and should be installed promptly.
- Which messenger and cloud services and video conference systems may be used should be checked and specified in advance. Here, end-to-end encryption is essential.
- A refresher on the topic of phishing emails and spoofing helps to revive employees’ awareness of the topic.
- For secure data transfer, encrypted HTTPS or VPN connections are advisable. Your employees should also check their own LAN/WLAN connections and adjust the security settings.
With the ELO ECM Suite, you can simplify your employees’ digital collaboration, pooling knowledge centrally and making it accessible as required. The major advantage of this solution: it can be precisely adjusted to fit your work environment.
- In order to guarantee the best possible working environment for each employee, the necessary IT equipment can be provided on an individual basis and supplemented on request.
- External storage on encrypted data storage media protects processed, personal and sensitive data.
- With individual passwords for laptops, smartphones, USB sticks or external hard drives, it is more difficult for unauthorised third parties to access data, thus protecting it.
- Additional data protection is ensured when working from home by encrypting hard drives and data storage media.
- Private telephones may be used when working from home, provided it is ensured and documented in advance that they are used in a GDPR-compliant manner.
IT and internet access
- With strong passwords for their own routers and their chosen Wi-Fi network, as well as an active firewall, employees can prevent unauthorised access by hackers.
- Video conference tools which only allow access to conference rooms via individual invitation links or passwords ensure that your internal meetings stay internal.
- A remote connection providing your IT experts with remote access helps to solve technical problems quickly and effectively.
Working from home is not mobile working!
Working from home refers to working from a fixed workplace, and must therefore comply with the same requirements as the company workplace. Mobile working, on the other hand, counts on employees’ flexibility. Here, all that is needed is the right equipment, which is provided by the employer, so that employees are accessible – regardless of where they are or where they want to work.
This list makes no claim to be exhaustive and is intended only as guidance and support as well as a brief self-check. You can also find more useful information at www.allianz-fuer-cybersicherheit.de and www.bsi-fuer-buerger.de