What are employers' responsibilities when we use personal tech to work from home?

With many more months of lockdown ahead of us, and workers reluctant to return to the office full time, it's time to think about roles and responsibilities

As we’ve been working from home for the better part of a year now, you might expect employers to be fully on top of their responsibilities when supporting people who use their personal tech for work activities. This isn’t always the case, however, so it’s worth familiarising yourself with the responsibilities employers should take when we use personal tech while working from home.

Are we really still using personal tech for work?

Related Resource

Employees behaving badly?

Why awareness training matters

Why awareness training matters - whitepaper from MimecastDownload now

If there’s any doubt that we are still using personal tech for work, some sobering research from digital identity management firm SailPoint found that 25% of people in the UK use their own computers for work, while 11% have borrowed computers from family members or their partner. 

Reversing the picture, 34% of remote workers in the UK said they use their work devices for personal uses with 64% of these checking personal emails and 60% admitting to doing online shopping. There are security implications, too: 42% of UK employees say their company has not put any additional cybersecurity measures in place in the last twelve months, while 24% said they have shared work passwords with a partner or family member.

This reveals that the blurring of what constitutes work and personal equipment and how this tech is used is still very much alive and kicking. It could create significant headaches for employers. 

Getting serious about responsibilities

It’s important for employers to take their responsibilities around all of this seriously. Felipe Polo, a digital-focussed entrepreneur, non-executive director and investor, who helps organisations align their tech, teams and business strategy tells IT Pro: “[You should] make sure your employees have everything they need. Regulations may differ depending on the territory your employees work in, but at the very minimum, provide them with good laptops, good monitors and a good VPN in case they need to work with internal networks.” 

Employers have some very clear legal responsibilities around all this. Take data security such as that required around GDPR for example, where there are legal requirements around managing personal information. Employers can expense their responsibilities around such areas. Christian Brundell, associate in the regulatory team at law firm Walker Morris explains: “To the extent an organisation incurs costs in connection with data security, those costs will be part and parcel of the business operating expenses and will generally be viewed by regulators as a burden that coexists in tandem with the benefit derived from the commercial activity. Accordingly, the employer will generally be expected to address any costs that arise in this respect.”

In practice this would mean employee support is likely to involve the provision of a secure access portal to employees (typically through use of a VPN), but wouldn’t amount to an obligation to contribute to employee home connectivity costs. Employers might offer to provide discretionary financial support, however.

Device security

When it comes to using personal tech for work, device security is more important than ever. How can a firm be sure that the data on a home worker’s device is truly secure? Tom Venables, practice director  for application and cyber security, at risk management consultancy Turnkey Consulting, explains that “from a data protection point of view, employing organisations have to ensure that they’re doing everything in their power to protect sensitive information such as client, customer, and employee data”. 

He adds: “Once data in on an uncontrolled device then many controls no longer apply and the chain of ownership is lost, with this risk increasing if the device is shared amongst other people within a household.”

For Venables, one of the responsibilities firms should take to ensure that devices remain secure is providing training on best practice and cybersecurity, and doing this regularly. Polo concurs, saying employers need to ensure robust security measures are in place – for example, by enforcing password rotation, encrypting hard drives, automatic laptop locking after a brief period of inactivity, using encrypted password managers and two-factor authentication, and creating access roles

Going the extra mile

Getting things right in this respect isn’t only about securing tech and ensuring that workers are up to speed with best practice. It’s also about providing ‘softer’ support, which is arguably just as important as people using personal tech for work purposes, as employees deal with competing pressures around work/life balance, adjust to working in a home environment and maybe also try to manage home schooling.

The average workers is not a tech supremo, and as Brundell points out: “Since the majority of employees will not be best placed to assess the technical security capacity of an individual tool … or to appreciate its interaction with other business systems in play, the employer will generally want to ensure that only authorised technologies are used.”

Polo has some more advice, suggesting employers should “keep your door open in case any of your employees need some extra help … [and] try to facilitate any sort of financial aid if you are in a position to do so”. 

This level of flexibility seems highly appropriate at the current time. If firms are going to support workers who use personal tech for work purposes, then focusing on both the ‘hard’ areas of legal requirements and secure access and the ‘softer’ areas of providing additional support – including financial help with broadband connections and equipment – seems to strike the right note.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

How virtual desktop infrastructure enables digital transformation
Whitepaper

How virtual desktop infrastructure enables digital transformation

15 Dec 2021
Die Tech Skills von morgen
Whitepaper

Die Tech Skills von morgen

3 Dec 2021
Work from anywhere: Empowering the future of work
Whitepaper

Work from anywhere: Empowering the future of work

2 Dec 2021
Revolutionise the meeting experience with robust all-in-one video conferencing bars
Whitepaper

Revolutionise the meeting experience with robust all-in-one video conferencing bars

30 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022