Media Centre

Data Protection in The Times of Coronavirus: Teleworking

24 March 2020

24/03/2020
Technology & Regulation in the Spotlight

In order to combat the proliferation of COVID-19, many businesses are now instructing their employees to engage in teleworking, in lieu of attending work as normal​.

In this context, we would like to inform you of important and recent regulatory and industry guidelines, directed at both employers and employees, to help organizations mitigate data protection and security risks associated with teleworking –

 

In addition, various European data protection regulators, including the European Data Protection Board and the regulators in the UK, Ireland, Germany, Italy, The Netherlands,  Spain and others, have also recently issued guidelines on practical issues of data protection during the COVID-19 pandemic.

Businesses are encouraged to ensure, at these times, that they meet their data protection responsibilities, in particular those relating to information security, and that they appropriately address the challenges related to teleworking. We encourage our clients and friends to review these guidelines, which contain important and recommended organizational and technological security guidelines for teleworking.

For your convenience, below we have highlighted certain key guidelines:

For employers:

  • Address the applicable operational changes in case of remote access (such as ensuring user authentication, giving suitable priority to the support of remote access solutions, providing virtual solutions, etc.);

 

  • Develop, amend or update the relevant procedures/policies, in particular a telework security policy that defines telework, remote access, and BYOD requirements (including the forms of remote access the organization permits, devices that can be used for remote access, the type of access each teleworker is granted, etc.), and define a clear procedure to follow in case of a security incident;

 

  • Provide initial and then regular feedback to staff on how to react in case of problems (who to call, hours of service, emergency procedures and how they evolve);

 

  • Plan telework-related security policies and controls based on the assumption that external environments contain hostile threats;

 

  • Provide guidance on back-up, retention and transfer of data on, to and from employees’ devices;

 

  • Ensure that remote access servers are secured effectively and configured to enforce telework security policies (e.g. ensure that remote access servers are not only configured as a single point of entry to the organization’s network that can enforce a telework security policy, but are also kept fully patched and only managed by authorized administrators from trusted hosts);

 

  • Secure organization-controlled telework client devices against common threats and maintain their security regularly.

 

For employees:

  • Be on the lookout for social engineering attempts, which may include emails with strange file attachments, communications from individuals claiming to be IT personnel asking, or unusual web meeting requests;

 

  • Secure your home network, make sure you are using a secure connection to your work environment, ​​and secure Wi-Fi connection;

 

  • Ensure fully updated anti-virus system are in place, ensure periodical back-ups;

 

  • Ensure safe desktop environment (such as locking screen when working in a shared space).

 

In addition, businesses are encouraged to address other data protection matters, such as updating existing policies and procedures related to access controls, teleworking, business continuity and disaster recovery, and ensuring that any third-party agreements contain adequate security controls.

Please do not hesitate to reach out to us if you need further guidance on the practical implications of these guidelines.

**********************************************

Feel free to contact us with any further question or comments regarding the update and subjects detailed above.

Kind regards,

Ariel Yosefi, Partner

Head of Technology & eCommerce Regulation

Herzog Fox & Neeman

Search by +