Due to the coronavirus, the office is replaced by the kitchen table for most employees. This home office situation is unique and presents many challenges: self-management and motivation within your own four walls, the feeling of loneliness due to the lack of social contacts, the simultaneous organization of work and family life, the general uncertainty about further developments.
The new day-to-day work also entails challenging tasks related to risks and data protection for compliance managers. In many companies, home office was not common practice before the crisis, so changes are significant.
What are the risks?
To keep the business running, many teams pragmatically use the usual Internet-based tools to communicate with each other and with business partners. However, its use is usually not based on a company-wide concept coordinated with the IT department, so a secure data management system is missing. Many employees also work on their private devices and use their private WiFi network.
This increases the risk of sensitive business data loss, cyberattacks or family members’ insights into confidential information. In any case, the employer is also responsible for compliance with data protection regulations in the home office. Secured company VPN connections ensure that data is protected, but these are often not available to all employees.
Incorporation of data protection in the home office policy
If not already in place, now is an appropriate time to set up a companywide home office policy. For example, with this policy the assignment of secure passwords, encryption of external data carriers, the storage & destruction of sensitive documents, the design of the workplace at home and the private use of company-owned devices can be regulated. In addition, employees should be made aware of common methods used by cybercriminals and instructions should be given to deal with suspicious calls, emails, links, and payment requests.
Establish internal whistleblower system
Home office comes with an increased risk of compliance violations – be it due to the lack of separation of work and private life, the reduced possibility of supervision, or the challenge to meet set goals despite the crisis. A trustworthy internal reporting system offers employees the opportunity to share their knowledge of questionable behavior in a secure environment. The company has the opportunity to minimize risks and avoid liability cases. If the Compliance Manager has previously received notices, the current situation is suitable for setting up an electronic whistleblower system that guarantees anonymous reporting regardless of location.
Long-term tendency towards more home office work
It can be assumed that we will remain in the home office for quite some time and that the tendency towards more work from home will continue even after the crisis. The American company Twitter, for example, recently announced that its employees can continue to work in the home office without restrictions even after the Corona period. The establishment of appropriate guidelines and reporting systems and the general sensitization of employees to the topic of data protection ensure that companies not only master the current crisis, but are also well equipped for the home office topic in the long term.
More to read on this topic:
Photo by Kevin Bhagat on Unsplash