How do businesses strike a balance between cyber security and employee privacy? Many organisations across numerous industries use robust cyber security practices to stay on top of emerging and existing threats.
However, some security measures can impact an employee’s daily routine. For example, a company may use surveillance tactics to monitor cyber security threats. But does this invade employee privacy?
Some companies work with highly sensitive information such as trade secrets, internal strategies and customer data. Unsurprisingly, business leaders want to do whatever they can to protect sensitive data. The company may increase its security measures, but employees might feel a loss of some privacy as a result.
In addition, some businesses may fear that potential insider threats could disrupt operations. What if a disgruntled employee accesses confidential company records or financials? What if someone leaves to work with a competitor and shares internal strategies? It’s also possible an employee might make an unintentional mistake, which is still considered an insider threat — in fact, 17% of data breaches are the result of accidental internal errors.
Companies must consider these factors when developing their physical security and cyber security in a fast-paced environment.
Unfortunately, businesses must grapple with the fact that cyber security and privacy can be at odds with each other. They must prioritise protecting business assets while protecting employee privacy and their company culture. How can employers balance privacy without compromising security?
Before implementing any security measures, a company must determine which data-privacy laws it must comply with. For example, GDPR, the EU’s General Data Protection Regulation, requires companies to obtain employee permission to store personal data. While names, birth dates and addresses are generally safe to hold, a company may need written authorisation to store other data.
The Human Rights Act, established in 1998, provides an excellent benchmark. Ultimately, any cyber security or physical security measures taken by a company must honour government legislation. Once a company researches applicable data protection laws, it can move forward and develop relevant company policies and terms to be included in its employment contract.
Creating an information technology security policy and remote working policy is essential for any company using digital technologies, which is all businesses today. Companies should set a firm, comprehensive policy regarding employee privacy, cyber security, and the relationship between the two.
Keep sentences short and use easy-to-read language.
Use bullet points to summarise what the procedure is saying.
Include links to other essential documents.
List a contact/manager internally so employees can ask questions about the policy.
Write about good cyber security practices and what privacy rights employees are entitled to.
Ultimately, the cyber security policy should empower employees to use equipment and access the company network safely, while protecting critical data.
After establishing crucial company policies, the company should hold employee training sessions. Cyber awareness training and cyber posters allow employers to ensure their team understands the policy. Training also gives employees the opportunity to ask questions about their rights and responsibilities.
It’s also critical for companies to keep employees updated on what tools they need to use within the company network. If a small business implements time-tracking software to support remote workers and create an efficient working environment, employees must know how the software works, what information it monitors and why it benefits the company. Team members should be told how the software tracks their activity and how they can keep sensitive information private.
It’s best practice to educate employees on what privacy means, how the company respects it and any other cyber security expectations they should be aware of. This will help foster a trusting relationship, grant employees and employers peace of mind and allow the company to succeed in its industry.
It’s security best practice to give employees access only to the IT and systems they need to perform their jobs. Employees should therefore reasonably expect to have access to financial information only if they work in the finance department or are in the senior management team.
If a company lets an employee go or hires a new employee, cyber security and privacy are two aspects of the business it must seriously consider. Managers should bring employees up to speed during the onboarding process on best cyber security practices and their privacy rights.
Additionally, the company’s IT team should be alerted to any employee leaving the company, for whatever reason. Leavers should not be able to access their work accounts or log into the company network once they enter gardening leave or their employment contract ends. An employee who leaves the company on bad terms could seek revenge by leaking sensitive information about the company, damaging its reputation.
Companies must balance protecting their assets and honouring employee privacy. It’s well-understood that people value their privacy, so every type of employer should respect that. In doing so, they’ll find their workers happier, more engaged, productive and willing to go the extra mile.
Because the cyber security landscape is changing and attacks are becoming more frequent and intense, protection must remain a top priority. Companies should do their best to establish clear policies that outline employee rights and emphasise the importance of maintaining a strong cyber security posture.
We help small and medium-sized businesses implement a proportionate and affordable level of security. See our cyber security packages for more information about the cyber controls included and contact us to speak to one of our cyber experts.