It is a common modern-day trend to work and have meetings in cafés. You might want to stray away from this one. This practise is not advisable even under normal circumstances as the public networks are not secure and your data can be hacked by users of that very same public network.
In response to the threatening Coronavirus and Government’s plead for social distancing, most companies have resorted to a ‘Work From Home’ (WFH) / Telecommuting system only to ensure continuity of business activities. Although WFH is a prized perk offered to all employees during this lockdown period, it is a nightmare to the companies when it comes to data security! The pandemic has caught them off-guard and scampering to get their systems into place.
A few important measures businesses should undertake is to enhance the network and bandwidth of their Virtual Private Network (VPN) and establish a policy to allow employees to work from home. Most large scale businesses have addressed these issues, but keeping in mind the overwhelming cost of these measures, some businesses have landed themselves in a soup.
Some challenges which the businesses are bound to face during this stressful period are as follows:
- Communication between employees and clients, as well as among employees themselves will be a major task as India has never faced such a situation before where most of the workforce is functioning remotely. Indian businesses were definitely not ready for this considering the percentage of person-to-person management required.
- The cost of enhancing the network and bandwidth of VPNs to allow more employees to access the company’s network simultaneously, because it can otherwise turn out to be problematic and hamper the process of the employees when they try to access the internal resources of the company.
- The IT resources will likely be strained and overloaded while trying to set systems in place for implementation of access, authorizing and authenticating access to resources that must be kept out of reach when working from home.
- The data security concerns increase as more than 75% of the employees don’t pay heed to security and privacy measures presuming that their network is safe and secured. This makes it trouble-free for hackers to access sensitive information from your devices and jeopardise the safety of your data, whether personal or professional.
- There is no specific law in India to address work from home concerns, although it is known that India has signed but not ratified the ILO Convention 177 (of 1996). There was a draft National Policy on Home-Based Workers drafted by the Ministry of Labour in 1999- 2000. Unavailability of a dedicated legislation could create complications for business as they will be liable for the breach of any client related data as the Information Technology Act, 2000 doesn’t distinguish between workplace and home. There are hardly any systems and security established for the protection of the same in case of remote working conditions.
- Some small businesses may also face challenges relating to shortage of laptops, which will force them to allow employees to use their personal devices to carry on work. This highly endangers company data if their personal devices are not protected with a reliable anti-virus protection.
- One of the undermined tasks is going to be keeping the employees feeling positive and motivated in these crucial times.
Businesses should provide sufficient instructions to their employees to ensure data security is not breached. Here are a few important things that employers and employees, both, should be aware of:
It is a common modern-day trend to work and have meetings in cafés. You might want to stray away from this one. This practise is not advisable even under normal circumstances as the public networks are not secure and your data can be hacked by users of that very same public network. It is not only the other users you must beware of, but also of these large companies who thrive of big data and collect all the information required from your devices.
Thankfully, the café situation is avoided due to the COVID-19 pandemic, but the same applies to your home Wi-Fi. NO, it’s not as you may think it is. Even through this Wi-Fi network a common user can access the data on your connected devices. Now that cyber criminals are on high alert, your data can easily be hacked if your password is not strong enough.
- So ensure that your software is regularly updated, or automate the updates.
- Keep a strong password for your Wi-Fi and email IDs and keep changing it from time-to-time.
- Do not use your personal email on your work laptop. Miscellaneous emails received on your personal email ID could contain a suspicious link or document which can harm data security if downloaded.
- Beware of phishing emails you receive in your inbox or in your spam folder. Think twice before opening an email. These contain unauthorized scripts.
- Hacking cameras and microphones is the one of the easiest ways of encroaching into your personal surroundings. Always cover your camera and microphone when it is not in use. This ensures that not only your data on the device, but also your surrounding environment is protected.
- Avoid sharing your workspace or your word-issued devices with family members
- Use only original licensed software for work and not unlicensed duplicate ones.
These were basic guidelines that should be followed in everyday life. Apart from these, businesses must ensure end-to-end encryption of data when employees access the internal networks of the company through VPN. The data should only decrypt at the receiver’s end. Along with this, they must have a strong VPN key to prevent hackers from hacking into internal systems. Restrict access of employees to such internal sources which are highly confidential and should necessarily be kept out of reach. Provide VPN access to selective employees to only to employees at higher levels of management.
It is advisable for business to incur necessary costs and purchase anti-virus licences for all employees working from home as it is very difficult to ensure that they don’t download malicious software or access shady websites which can be a hacker’s hub.
Businesses should use reliable video calling / conferences software like Skype, FaceTime and Google. Companies like Apple and Google are extremely protective about their data and can be trusted for official use.
Employees should make sure that data is backed up on the company servers (if possible) or at least on the Cloud like Google Drive, DropBox, IDrive etc.
Enforce reasonable session time-outs for sensitive programs or applications.
Conduct regular training sessions for employees so that they continue to remain updated, feel involved in regular day-to-day business activities and are driven to work productively.
In conclusion, stay positive, motivated and most importantly stay indoors and stay safe!
Author- Sonam Chandwani, Managing Partner, KS Legal & Associates