For more than a year now, we have been both discussing and experiencing the phenomenon of large-scale working from home. The Coronavirus pandemic has forced many businesses to rethink.
Currently, the German government only recommends that employees be allowed to work from home. In many cases, however, a “right to work from home” is also being discussed.
What are the advantages of working from home?
- contacts are reduced and the incidence of infections is significantly curbed: according to the Munich ifo Institute, the following rule of thumb applies: 1% more people working from home causes a reduction in the infection rate of up to 8%.
- increased satisfaction and flexibility,reduced stress
- less carbon emissions and pollution
What are the arguments against working from home?
- not every job is suitable: 6 out of 10 employees work in jobs that cannot simply be carried out at home
- often, there is a lack of suitable IT infrastructure
- work and private life are mixed and social contacts are missing
If a right to work from home is discussed, the following must be considered:
- Can we ensure an adequate level of data protection?
- Is the digital infrastructure capable of allowing employees to work from home?
Questions around data protection for working from home office are governed by art. 32(1) GDPR. This rule requires businesses to implement appropriate state-of-the-art IT security measures with regard to the data that is being processed.
For example, it is important to set up an IT security policy for employees working from home and to raise awareness among employees working from home. Employers and employees should work together and ensure that personal data and trade secrets remain protected.
On the website of the German Federal Office for Information Security (BSI), you can find more information on this topic:
The five main points mentioned in this document are the following:
- Set up clear, unambiguous and binding rules on IT security and data protection in writing. Communicate them to all stakeholders.
- Nothing to see here: Implement measures in your office space at home that achieves a level of security comparable to an office space. Lock doors when you leave the workplace, do not allow third parties to see through windows.
- Set up clear contact and communication channels that can only be used by verified employees.
- Beware of phishing: There may be an increased number of phishing emails that try to take advantage of the current situation and want to obtain your sensitive data by toying with remote access, password resets, etc.
- VPN: Ideally, you should access your institution’s internal resources via a secure communication channel (e.g., cryptographically secured virtual private networks, or VPN for short). If you do not yet have a secure and scalable VPN infrastructure, inquire out about possible solutions.
These principles require investments on the part of a company including infrastructure (secure notebooks and smartphones), privacy-compliant software, VPNs, disk encryption, creation of policies, and more.
These are investments that should not be shied away from, because one thing is clear: No door should be left open for data theft and cybercrime, even when working from home.