As the UK Government moves to slow down the spread of the COVID-19 virus and following yesterday’s guidance, many of you will now be asking your staff to work from home or are looking to introduce increased home working.
It is of course important that any devices used for remote access are password protected and encrypted, with a fully updated anti-virus system in place and up-to-date security software.
At the same time though, in what are unsettling and stressful times for everyone, staff may easily overlook basic data protection and security measures.
Clear plans should be put in place to ensure that staff and their managers communicate effectively and appropriately. As part of this, you may wish to issue a reminder to staff of your firm’s relevant policies. This would typically include your data protection, confidentiality and ICT policies (and, if applicable, use of own devices policy). You might want to re-circulate these policies to staff and ask them to confirm that they have read them.
We suggest that you also re-emphasise the importance of maintaining client confidentiality and data security and remind staff that:
- telephone calls with clients should not be capable of being overheard;
- any documents printed out must be shredded (and printing should in any event be kept to a minimum);
- secure connections must be used for accessing your systems;
- the firm’s information should only be stored in the designated area and documents should not be stored on staff members’ own devices (unless previously permitted with appropriate safeguards);
- they should ensure information is properly backed up;
- the firm’s information remains the property of the firm at all times, no matter what format it is in, where it is stored or how it is accessed.
Criminals are trying to benefit from the current situation. There has already been an increase in phishing attacks. We therefore strongly advise against mixing work and personal activities on the same device. Staff should be particularly careful with any e-mails that make reference to the Corona/COVID-19 virus and be reminded to be extra vigilant and to look out for phishing e-mails and scams as attackers are trying to exploit the situation. Even if an e-mail appears to come from a known and trusted source, if there is any doubt over the authenticity of the request, it is best to verify it via other means first and not to click on any suspicious links or open attachments.
Remind staff to be very suspicious and verify the authenticity of
- e-mails from people they don’t know, especially if they ask to connect to links or open files;
- e-mails that create an image of urgency or severe consequences;
- e-mails that appear to come from a known and trusted source but ask unusual things.
We also recommend that you consider your obligations regarding your insurance as you may need to notify your insurer of the change to your working arrangements.
Please do not hesitate to get in touch if you would like further advice. We will continue to remain at your disposal should you need assistance. In the meantime, we hope that you, your colleagues and families stay safe and well.