What are employers' responsibilities when we use personal tech to work from home?

With many more months of lockdown ahead of us, and workers reluctant to return to the office full time, it's time to think about roles and responsibilities

As we’ve been working from home for the better part of a year now, you might expect employers to be fully on top of their responsibilities when supporting people who use their personal tech for work activities. This isn’t always the case, however, so it’s worth familiarising yourself with the responsibilities employers should take when we use personal tech while working from home.

Are we really still using personal tech for work?

Related Resource

Employees behaving badly?

Why awareness training matters

Download now

If there’s any doubt that we are still using personal tech for work, some sobering research from digital identity management firm SailPoint found that 25% of people in the UK use their own computers for work, while 11% have borrowed computers from family members or their partner. 

Reversing the picture, 34% of remote workers in the UK said they use their work devices for personal uses with 64% of these checking personal emails and 60% admitting to doing online shopping. There are security implications, too: 42% of UK employees say their company has not put any additional cybersecurity measures in place in the last twelve months, while 24% said they have shared work passwords with a partner or family member.

This reveals that the blurring of what constitutes work and personal equipment and how this tech is used is still very much alive and kicking. It could create significant headaches for employers. 

Getting serious about responsibilities

It’s important for employers to take their responsibilities around all of this seriously. Felipe Polo, a digital-focussed entrepreneur, non-executive director and investor, who helps organisations align their tech, teams and business strategy tells IT Pro: “[You should] make sure your employees have everything they need. Regulations may differ depending on the territory your employees work in, but at the very minimum, provide them with good laptops, good monitors and a good VPN in case they need to work with internal networks.” 

Employers have some very clear legal responsibilities around all this. Take data security such as that required around GDPR for example, where there are legal requirements around managing personal information. Employers can expense their responsibilities around such areas. Christian Brundell, associate in the regulatory team at law firm Walker Morris explains: “To the extent an organisation incurs costs in connection with data security, those costs will be part and parcel of the business operating expenses and will generally be viewed by regulators as a burden that coexists in tandem with the benefit derived from the commercial activity. Accordingly, the employer will generally be expected to address any costs that arise in this respect.”

In practice this would mean employee support is likely to involve the provision of a secure access portal to employees (typically through use of a VPN), but wouldn’t amount to an obligation to contribute to employee home connectivity costs. Employers might offer to provide discretionary financial support, however.

Device security

When it comes to using personal tech for work, device security is more important than ever. How can a firm be sure that the data on a home worker’s device is truly secure? Tom Venables, practice director  for application and cyber security, at risk management consultancy Turnkey Consulting, explains that “from a data protection point of view, employing organisations have to ensure that they’re doing everything in their power to protect sensitive information such as client, customer, and employee data”. 

He adds: “Once data in on an uncontrolled device then many controls no longer apply and the chain of ownership is lost, with this risk increasing if the device is shared amongst other people within a household.”

For Venables, one of the responsibilities firms should take to ensure that devices remain secure is providing training on best practice and cybersecurity, and doing this regularly. Polo concurs, saying employers need to ensure robust security measures are in place – for example, by enforcing password rotation, encrypting hard drives, automatic laptop locking after a brief period of inactivity, using encrypted password managers and two-factor authentication, and creating access roles

Going the extra mile

Getting things right in this respect isn’t only about securing tech and ensuring that workers are up to speed with best practice. It’s also about providing ‘softer’ support, which is arguably just as important as people using personal tech for work purposes, as employees deal with competing pressures around work/life balance, adjust to working in a home environment and maybe also try to manage home schooling.

The average workers is not a tech supremo, and as Brundell points out: “Since the majority of employees will not be best placed to assess the technical security capacity of an individual tool … or to appreciate its interaction with other business systems in play, the employer will generally want to ensure that only authorised technologies are used.”

Polo has some more advice, suggesting employers should “keep your door open in case any of your employees need some extra help … [and] try to facilitate any sort of financial aid if you are in a position to do so”. 

This level of flexibility seems highly appropriate at the current time. If firms are going to support workers who use personal tech for work purposes, then focusing on both the ‘hard’ areas of legal requirements and secure access and the ‘softer’ areas of providing additional support – including financial help with broadband connections and equipment – seems to strike the right note.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
How should employers support people working from home?
Business strategy

How should employers support people working from home?

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021