Privacy and Security: The Risks of Working From Home
29 June 2020
In a recent article, we discussed the exploitation by hackers of the current COVID-19 crisis by using techniques such as phishing and malware technology, in order to conduct cyber-attacks on businesses and their workers.
Only recently, a group of hackers-for-hire called Dark Basin was exposed for targeting thousands of businesses and individuals with a view to obtaining private data. Similarly, the vehicle manufacturing company Honda recently reported a cyber-attack. Honda maintains that the attack did not involve a data breach but affected its internal network including emails and computer servers. In a more niche example of accidental data breach, a telemedicine company called Babylon Health, which facilitates consultations with GPs over video chat, recently conceded that certain patients were given access to other patients’ video consultations due to a software error.
Running the risk
Our new “working from home” reality has meant unprecedented levels of individuals are conducting all work in their own homes. Most organisations have not conducted risk assessments, nor are they able to ensure that their employees' laptops or internet connections remain secure. This creates an unprecedented risk to companies and their technological infrastructure as the risk of contamination, breach and hack is ever-present.
An additional risk has been identified in the form of one’s quarantine comrades. This exponentially increases the risk of unintentionally sharing confidential or work-related information with those around us, simply due to the level of information now in circulation outside the workplace and the opportunities for sharing, without the usual checks and balances in place for protection of same.
The protections which normally exist in the workplace include the use of individual meeting rooms, restrictions on the use of personal devices, and privacy of phone conversations. These safeguards are eroded by the working from home environment, potentially leading to complacency and a relaxation of the usual rules.
Finally, it is not only confidential information that is at risk of being leaked, but information that is potentially damaging to a business’s reputation that would not normally be shared with those outside the workplace.
Whether the sharing of information in the home workplace with one’s living mates is intentional or not, it can pose real threats to businesses due to the possibility that the information in question is confidential, damaging in terms of reputation or is simply not appropriate to go beyond one's colleagues.
Suggestions for employers
Introduction of a clean desk policy in the home office: as data protection laws have come to the fore in recent years, many businesses have imposed clean desk policies in order to protect against unintentional data breaches. This should be extended to the home workplace such that individuals are asked to ensure their devices are locked or turned off when not at their desk, and any papers are put away outside of working hours. This decreases the likelihood of an inadvertent disclosure of sensitive information.
Policy review and re-training: businesses should review their policies covering confidentiality and the use of company devices to ensure their suitability to the home working environment. They should then be recirculated to employees and independent contractors alike, along with the organisation of training webinars.
Arrange check-ins with employees: management should check in remotely with workers to maintain a sense of community and teamwork that can be lacking when everyone is working from home. This can assist in curating a sense of involvement in the business and in identifying issues which may exist and need to be addressed going forwards. This could reduce the likelihood that such negative discussions are had casually at home rather than with management who can take steps towards seeking a resolution.
As individuals continue to adapt to working from home, differentiating between what is work and what is not has become increasingly problematic. The old adage warning against taking work home is more relevant than ever, as kitchen tables become our offices and kitchens become our coffee stations. No longer is it possible to converse so casually with colleagues, leaving workers to resort to talking to family, friends and roommates as they normally would at work. Unfortunately, this can leave businesses exposed to the actions of those less scrupulous or less careful among the population, without any malicious intent.
The content of this article is provided for information purposes only and does not constitute legal or other advice.