Ensure GDPR Compliance With Remote Workers

Remote work is a great option for millions of people globally. Allowing workers to perform their duties from almost anywhere has a lot of benefits, both for the employees and the employers.

Workers feel comfortable creating a schedule and atmosphere that works for them, whether it be the coffee shop or their own living room. But one major concern with working remotely is how to keep customer data and privacy secure.

The General Data Protection Regulation (GDPR) was created to do just that.

Consumers have spoken, and the government agrees – businesses no longer have the right to keep consumers' data without their permission, or to use it in ways that affect the consumer negatively. And even though the regulation is based in the EU, it affects companies globally, especially if they have consumers from the EU.

Since this legislation took effect in 2018, most companies have made serious efforts to abide by these rules and to make sure they have plans in place for when a customer requests that their data be removed.

However, it has become easy to overlook how privacy rules can be followed when the worker is no longer in the physical workplace.

Remote workers are held to the same standards as their “in office” counterparts, but there is an extra layer of concern about making sure they are still compliant.

  • How can you ensure they’re following the rules your company has in place when they’re accessing your organisational (and thus, customer-based) data from potentially unsecured internet connections?
  • And what if they have poor security practices, as well?

There are additional steps you can take as a company (or as a manager) to push good practices on remote workers. Here are 5 immediate steps you can take to ensure GDPR compliance with remote workers.

Remind Them.

A reminder goes a long way. If you haven’t had presentations on the scary parts of violating GDPR, you should. And if the last all-hands meeting you had was two years ago when this first came out, well, you should make it an annual event.

Make sure they have absolutely no question about the severity of violating customer data privacy rules, and then go about instructing them on the “do’s and don’ts”.

For remote workers, go over how easy it is for valuable data to be captured maliciously in a public space, even if it’s from a camera phone (…it happens).

Make sure they understand the importance of why the rules are in place and have them sign documentation that they agree to abide by the best practices your company has implemented.

Public Wi-Fi Rules.

The bustle of a coffee shop can be a wonderful place to work, with the clinks of cups and saucers, the smell of espresso, and the chittering of the mid-morning crowd.

However, it can be a terrible place to work as far as security is concerned. Using public Wi-Fi spots on a company computer to access company information should be a no-no, especially without other steps in place.

The list of ways hackers can interfere with the information being sent over public Wi-Fi is as long as this page, ranging from setting up “dummy” hot spots, so that you think you’re using the coffee shop’s, to worms and malware. Limit this as much as possible. But if you can’t…

Require a VPN.

This is a must-do. Require users to log in to a Virtual Private Network (VPN) before accessing the data, whether they are in a public space or their own home. This encrypts their connection to your company servers, making it a bit safer. Many employees think “oh, it’s my own set up at home, it’s safe”.

Well, unless they live in a cabin in Antarctica, don’t risk it. Neighbors and passersby can still hack their Wi-Fi as easily as a stranger in a coffee shop. And, actually, there are some businesses that require companies to ensure their employees will only access data if a VPN is used, so not having this in place could land you in serious hot water.

Password Protect.

You know those games on social media where everyone shares every mundane thing about themselves, such as favorite colors, children’s middle names, etc.? It’s fun, right?

And it’s a way to gather password information…which isn’t so fun for you.

Unfortunately, we are all creatures of habit, and many employees – remote or not – just don’t think someone will ever hack their password. It’s very common to find the same password used across multiple sites, including your company access.

Have a 30-minute training with your remote employees on ways to come up with creative passwords that they can use. Ensure each password is unique and uses a variety of characters. Just make sure they don’t write it down on a sticky note next to their laptop!

Two Factor Authentication.

This is another step that needs to be turned on by your IT department, but once it is on, it doesn’t give remote workers a choice when logging in.

Using Two-Factor Authentication is a great way to require them to use two methods (such as password and security question), limiting the chance that a stolen password alone will provide access to your sensitive customer data.

While there are a lot of things your company should consider in making data secure, these are just a few you can implement immediately to help increase your alignment with data privacy and security.
