Remote Working & GDPR
When Covid-19 began to spread rapidly and lockdown was introduced, employees began to start working from home at an unprecedented rate. Now employees around the world with no previous experience working remotely are coming to grips with this new way of operating. This rapid expansion of the remote workforce has presented challenges for employers. Employees are in control of a company’s most sensitive data but may not always maintain secure data practices while working from home. Data leak issues, like misdirected emails or malicious insiders, can put companies at risk of noncompliance with GDPR and other regulations.
The “new normal” of work-at-home isn’t going away anytime soon. Businesses must maintain higher standards of secure access and prioritize data protection practices as employees work remotely for the foreseeable future.
Below are 4 tips to help your organization adhere to the GDPR while employees are working from home.
Refresh Your Data Policy
Define clear policies for remote work that reinforce the importance of protecting data and explain how to do so and what the consequences are otherwise.
Setting well defined company policy for working remotely is very important, given that according to research by VansonBourne on behalf of Imation, 42% of businesses say that they have a hard time keeping track of what information employees can access outside the office, while roughly 25% admitted that an employee had lost a device with confidential emails, files, and consumer data or had such a device stolen from them.
A cybersecurity policy that instructs your employees on how to keep your business’s data safe is an important tool in data protection. If you don’t have one, you should make one. If you have a policy but haven’t updated it since everyone began working from home, this is the time to do so. A good place to start is by reviewing the NIST cybersecurity framework, which provides you with a set of best-practice guidelines for all stages of threat identification and mitigation.
Your IT security policy doesn’t have to be a complicated document. It should cover the reasons it exists in the first place and then lay out, in easy-to-understand terms, the exact security protocols your fellow employees should follow. If they’re confused, they can ask questions, but no one is exempt from the policy. You can also use the free templates offered by SANS, a globally recognized cybersecurity training and consultancy organization, as models for your policy.
The GDPR requires organizations to adopt security measures, such as encryption, to protect data from inappropriate use. Encryption represents a useful method to keep data safe, especially in the case of a breach – even if stolen or exposed, encrypted data would be illegible and useless anyway. Encryption is easier to adopt when working in a company’s offices, but it can also be implemented in devices and software when working remotely.
Access to company data, whether business or sensitive, should be controlled. Employees should have the right to access only that data that is necessary to accomplish their daily tasks. Measures such as “need to know”. “least privilege”, and “segregation of duties” should be in use so that the company’s data is protected from information loss. Moreover, companies should ask their employees to use a corporate Virtual Private Network (VPN), which is an encrypted connection over the internet from a device to a network: in this way, data could be safely transmitted, while preventing access by unauthorized people.
Monitoring Remote Sessions
With more employees working from home, companies are seeking ways of monitoring remote sessions. One compelling case can be made for recording remote sessions for later playback and review. Employers are concerned that in the event of a security breach, they won’t be able to see what was happening on users’ desktops when the breach occurred. Another reason for recording remote sessions is to maintain compliance, as required for medical and financial institutions or auditing for business protocols, etc.
TSFactory’s RecordTS v6 will record Windows desktop sessions reliably and securely for RDS, Citrix, VMware, Azure, AWS host systems plus more. Scalable from small offices with one server to enterprise networks with tens of thousands of desktops and servers, RecordTS integrates seamlessly with the native environment.
Click here to learn more about secure remote session recording.