Safety while working from home

Facilitate a secure work environment and provide home office equipment to employees.

Encrypt home work equipment and establish rules regarding working from home. At the very least, establish that home work equipment should never be left unattended, such as in the car. Especially cars with keyless entry systems are often targets for theft. If the home work equipment is then encrypted, this reduces the chance that a data breach must be reported to the AP.

Avoid storing (company) information on the employee's personal computer. This almost always leads to unlawful processing of personal data.

Work with paper and USB sticks as little as possible. Make sure sensitive documents are on a secure server.

The safest option is to use data-free home work devices such as "Thin client. These systems contain no storage medium for (confidential) information. Employees can use them to log into their secure work environment. This ensures that all information remains with the employer.

Communicate through secure means of communication. For example, do not discuss via WhatsApp. Still discussed sensitive information via an unsafe channel? Then delete the messages immediately after the conversation.

Note that erasing the conversation after information has been exchanged via an untrustworthy means of communication is - as the AP itself points out - not an alternative to a secure means of communication. It is a last straw. At that point, the information is already on servers in countries where privacy and trade secret laws offer less protection. WhatsApp is still regularly used in many professional groups to quickly share (confidential) information. Even special personal data is shared with it (such as medical information: "employee X has the corona virus"). Keep in mind that in principle this is not permitted by law for two reasons. First, it is unlawful to process special personal data unless there is an exception ground under the AVG. In addition, it is unlawful to process (special) personal data via an insecure medium such as WhatsApp.

Inform employees about phishing emails.

Informing employees about phishing mails should, in our opinion, be considered in conjunction with informing them about safe surfing and secure data sharing. In addition, this tip applies at all times. Both when working at work and at home. Check compliance periodically and enforce if not met.

Finally, we note that many home office infrastructures are not calculated to allow all employees to work from home. As a result, organizations distinguish between critical employees who enjoy access and non-crucial employees who do not enjoy access to the corporate network. However, in many cases it is possible to scale up the home working infrastructure. Contact your IT service provider for this.

This article also appears in the files AVG, Coronavirus, Information Security and Privacy in the Workplace