HOMEWORKING - 24.09.2020

Homeworkers: IT equipment and mobile devices

Many employees who transitioned to homeworking during the lockdown did so using their own IT equipment and mobile devices. If a homeworking arrangement becomes regular, why should you issue these items to the employee?

Coronavirus fallout

Back in March 2020 the government directed millions of employees to work from home with minimal notice.

As there wasn’t time to make full preparations, many employees could only continue working as normal by using their personal IT equipment and other mobile devices.

A new normality

Under the circumstances, this was considered acceptable and the Information Commissioner’s Office (ICO) announced that it would take a sensible approach in relation to data protection.

Since then, many employees have moved over to a permanent homeworking arrangement. Where this has happened, you should prohibit the use of personal IT equipment and mobile devices. Why is this?

Exceptional circumstances

The simple answer is that, for every employer, personal devices present the biggest security threat. The ICO advises that they should be “avoided for all but the smallest organisations with an immediate need to work remotely and no other remote working capability” .

The dangers

The main dangers of using personal IT equipment and mobile devices for homeworking are that:

  • your employees may be using out of date operating systems and/or software meaning that their personal devices make you vulnerable to data loss and security breaches
  • these items are unlikely to be encrypted
  • personal and confidential data can easily be moved to other devices, e.g. external hard drives or USB sticks, or cloud storage
  • these items may be used by family members or other third parties who could see information that they should not have access to
  • these items may have weak or no passwords
  • the employee may inadvertently download malware when using these items for personal reasons, e.g. playing a game or accessing a personal email account
  • you can’t automatically access information that’s held on personal IT equipment and devices where misconduct is suspected
  • if the employee leaves your employment, you can’t ask for these items back, so they may have access to certain, perhaps sensitive, business information forever.

Safest option

The most secure option is to issue employees with company owned IT equipment and mobile devices. Not only can they be supported and updated remotely, you can insist on their return and prevent data transfers. However, this option is the most expensive. Tip. A more cost-effective alternative for smaller employers is to allow employees to use their personal IT equipment and devices to access company systems, ideally via a VPN. This option still has its risks, e.g. staff may be able to move or copy your data, but they can be limited. Speak to your IT expert.

Apart from the fact employees may be using out of date systems or software, they can copy confidential and personal data easily. The most secure option for you is to issue IT equipment that’s supported and updated remotely. Alternatively, you could allow employees to use their personal equipment to access company systems.

© Indicator - FL Memo Ltd

Tel.: (01233) 653500 • Fax: (01233) 647100

subscriptions@indicator-flm.co.ukwww.indicator-flm.co.uk

Calgarth House, 39-41 Bank Street, Ashford, Kent TN23 1DQ

VAT GB 726 598 394 • Registered in England • Company Registration No. 3599719