What are employers' responsibilities when we use personal tech to work from home?

With many more months of lockdown ahead of us, and workers reluctant to return to the office full time, it's time to think about roles and responsibilities

As we’ve been working from home for the better part of a year now, you might expect employers to be fully on top of their responsibilities when supporting people who use their personal tech for work activities. This isn’t always the case, however, so it’s worth familiarising yourself with the responsibilities employers should take when we use personal tech while working from home.

Are we really still using personal tech for work?

Related Resource

Employees behaving badly?

Why awareness training matters

Why awareness training matters - whitepaper from MimecastDownload now

If there’s any doubt that we are still using personal tech for work, some sobering research from digital identity management firm SailPoint found that 25% of people in the UK use their own computers for work, while 11% have borrowed computers from family members or their partner. 

Reversing the picture, 34% of remote workers in the UK said they use their work devices for personal uses with 64% of these checking personal emails and 60% admitting to doing online shopping. There are security implications, too: 42% of UK employees say their company has not put any additional cybersecurity measures in place in the last twelve months, while 24% said they have shared work passwords with a partner or family member.

This reveals that the blurring of what constitutes work and personal equipment and how this tech is used is still very much alive and kicking. It could create significant headaches for employers. 

Getting serious about responsibilities

It’s important for employers to take their responsibilities around all of this seriously. Felipe Polo, a digital-focussed entrepreneur, non-executive director and investor, who helps organisations align their tech, teams and business strategy tells IT Pro: “[You should] make sure your employees have everything they need. Regulations may differ depending on the territory your employees work in, but at the very minimum, provide them with good laptops, good monitors and a good VPN in case they need to work with internal networks.” 

Employers have some very clear legal responsibilities around all this. Take data security such as that required around GDPR for example, where there are legal requirements around managing personal information. Employers can expense their responsibilities around such areas. Christian Brundell, associate in the regulatory team at law firm Walker Morris explains: “To the extent an organisation incurs costs in connection with data security, those costs will be part and parcel of the business operating expenses and will generally be viewed by regulators as a burden that coexists in tandem with the benefit derived from the commercial activity. Accordingly, the employer will generally be expected to address any costs that arise in this respect.”

In practice this would mean employee support is likely to involve the provision of a secure access portal to employees (typically through use of a VPN), but wouldn’t amount to an obligation to contribute to employee home connectivity costs. Employers might offer to provide discretionary financial support, however.

Device security

When it comes to using personal tech for work, device security is more important than ever. How can a firm be sure that the data on a home worker’s device is truly secure? Tom Venables, practice director  for application and cyber security, at risk management consultancy Turnkey Consulting, explains that “from a data protection point of view, employing organisations have to ensure that they’re doing everything in their power to protect sensitive information such as client, customer, and employee data”. 

He adds: “Once data in on an uncontrolled device then many controls no longer apply and the chain of ownership is lost, with this risk increasing if the device is shared amongst other people within a household.”

For Venables, one of the responsibilities firms should take to ensure that devices remain secure is providing training on best practice and cybersecurity, and doing this regularly. Polo concurs, saying employers need to ensure robust security measures are in place – for example, by enforcing password rotation, encrypting hard drives, automatic laptop locking after a brief period of inactivity, using encrypted password managers and two-factor authentication, and creating access roles

Going the extra mile

Getting things right in this respect isn’t only about securing tech and ensuring that workers are up to speed with best practice. It’s also about providing ‘softer’ support, which is arguably just as important as people using personal tech for work purposes, as employees deal with competing pressures around work/life balance, adjust to working in a home environment and maybe also try to manage home schooling.

The average workers is not a tech supremo, and as Brundell points out: “Since the majority of employees will not be best placed to assess the technical security capacity of an individual tool … or to appreciate its interaction with other business systems in play, the employer will generally want to ensure that only authorised technologies are used.”

Polo has some more advice, suggesting employers should “keep your door open in case any of your employees need some extra help … [and] try to facilitate any sort of financial aid if you are in a position to do so”. 

This level of flexibility seems highly appropriate at the current time. If firms are going to support workers who use personal tech for work purposes, then focusing on both the ‘hard’ areas of legal requirements and secure access and the ‘softer’ areas of providing additional support – including financial help with broadband connections and equipment – seems to strike the right note.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

NSA releases guidance on voice and video communications security
Voice over Internet Protocol (VoIP)

NSA releases guidance on voice and video communications security

18 Jun 2021
Is a good work/life balance still just a pipe dream?
Business strategy

Is a good work/life balance still just a pipe dream?

18 Jun 2021
Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021