Because of the worldwide pandemic, many companies for which it was and is suitable switched fully or partly to home office. Home office is mostly welcomed by employees, as they do not have to commute and face the other stress factors connected with travelling between home and the workplace. In the Czech Republic, up to 76% of Czech employees would like to keep this form of work. What are the pitfalls of home office and what should the employer be aware of? In this article we look at the IT and cyber risks of home office; we do not tackle ergonomics, processes and other OH&S-related risks.
Employers and employees need to take into account that during home office they handle sensitive data, often of a personal nature. This data is subject not only to Czech legislation but also to European legislation, mainly the well-known and directly applicable General Data Protection Regulation (EU) 2016/678 of 27 April 2016 (GDPR). Apart from general laws and the GDPR, there are many specific rules for different fields and operations. Last but not least, it is necessary to mention possible contractual obligations regarding the handling, storing or disposal of sensitive data that arise from contracts entered into by the parties on the basis of contractual freedom.
What should we be aware of when working from home, so that we do not face unnecessary IT security risks? Here are 4 basic tips:
1. Computer and Notes Only for Your Eyes
Do not leave your computer unlocked, where anybody could freely use it. Always lock it or shut it down when you leave it. Never remove the requirement to enter your password when signing in. These measures help you avoid the most basic kind of leak, even an unintended one, of your stored data. The same goes for paper notes. These should always be kept out of sight of random passers-by, ideally in a locked desk or drawer.
Open only emails and attachments from trusted email addresses, so that you do not fall victim to phishing attacks and spread them further. We also recommend double-checking the recipients' addresses of your emails, so that your message and the information in it are received by the intended person.
3. Data Storage
The ideal solution is cloud storage that is sufficiently secured and under the employer's control. With external cloud storage, the data are not at risk of loss or theft, because backup and protection are the responsibility of the cloud provider. Another advantage of cloud storage is that other team members, when granted access, can work with the stored data when needed. Further, it is recommended to connect via VPN (Virtual Private Network) when working. Last but not least, we recommend disk encryption, so that the data on the disk are not readable if it gets into the wrong hands.
4. Strong Passwords
Do not reuse the same passwords, and choose ones that are not easily guessed. Ideally, the organisation sets up internal rules for password creation, together with conditions that passwords must fulfil, so that a password cannot be easily breached.
A good practice is to use the work computer only for work and have another device for personal activities. An open WLAN can also be a security threat. Bear in mind that anybody can connect to this type of network, track our activities and collect sensitive data. It is not suitable to work with any important data when connected to a public WLAN.
How employees behave depends mainly on the company's policy and its security settings. It is about the whole system and infrastructure. Focus on employees' compliance with the IT security rules, inform them consistently and check on them. Management plays an important role in this as well, because managers act as role models; when they do not follow the rules, employees will not be motivated to do so either.
First, we recommend checking which data are used in the organisation and how. Afterwards, it is suitable to define the methods and processes within which work with data takes place. On the basis of the collected knowledge, the critical infrastructure and threats can be defined. And thanks to correctly identified risks, the right measures and action plans can be set up. Only when this is done can the organisation not just prevent the occurrence of threats, but also cope with them if they appear.
Are you not sure how secure your organisation is from an IT security perspective? Do you want to set up systems and operations so that there are no cyber risks? Write to us or send us an inquiry and we will set everything up together.
 [online]. [cit. 2020-07-02]. DOI: https://www.novinky.cz/kariera/clanek/tri-ctvrtiny-cechu-chteji-pracovat-z-domova-199912.
 [online]. [cit. 2020-07-02]. DOI: https://www.pravniprostor.cz/clanky/ostatni-pravo/kyberneticka-rizika-pri-praci-z-domova.