What are employers' responsibilities when we use personal tech to work from home?

With many more months of lockdown ahead of us, and workers reluctant to return to the office full time, it's time to think about roles and responsibilities

As we’ve been working from home for the better part of a year now, you might expect employers to be fully on top of their responsibilities when supporting people who use their personal tech for work activities. This isn’t always the case, however, so it’s worth familiarising yourself with the responsibilities employers should take when we use personal tech while working from home.

Are we really still using personal tech for work?

Related Resource

Employees behaving badly?

Why awareness training matters

Why awareness training matters - whitepaper from MimecastDownload now

If there’s any doubt that we are still using personal tech for work, some sobering research from digital identity management firm SailPoint found that 25% of people in the UK use their own computers for work, while 11% have borrowed computers from family members or their partner. 

Reversing the picture, 34% of remote workers in the UK said they use their work devices for personal uses with 64% of these checking personal emails and 60% admitting to doing online shopping. There are security implications, too: 42% of UK employees say their company has not put any additional cybersecurity measures in place in the last twelve months, while 24% said they have shared work passwords with a partner or family member.

This reveals that the blurring of what constitutes work and personal equipment and how this tech is used is still very much alive and kicking. It could create significant headaches for employers. 

Getting serious about responsibilities

It’s important for employers to take their responsibilities around all of this seriously. Felipe Polo, a digital-focussed entrepreneur, non-executive director and investor, who helps organisations align their tech, teams and business strategy tells IT Pro: “[You should] make sure your employees have everything they need. Regulations may differ depending on the territory your employees work in, but at the very minimum, provide them with good laptops, good monitors and a good VPN in case they need to work with internal networks.” 

Employers have some very clear legal responsibilities around all this. Take data security such as that required around GDPR for example, where there are legal requirements around managing personal information. Employers can expense their responsibilities around such areas. Christian Brundell, associate in the regulatory team at law firm Walker Morris explains: “To the extent an organisation incurs costs in connection with data security, those costs will be part and parcel of the business operating expenses and will generally be viewed by regulators as a burden that coexists in tandem with the benefit derived from the commercial activity. Accordingly, the employer will generally be expected to address any costs that arise in this respect.”

In practice this would mean employee support is likely to involve the provision of a secure access portal to employees (typically through use of a VPN), but wouldn’t amount to an obligation to contribute to employee home connectivity costs. Employers might offer to provide discretionary financial support, however.

Device security

When it comes to using personal tech for work, device security is more important than ever. How can a firm be sure that the data on a home worker’s device is truly secure? Tom Venables, practice director  for application and cyber security, at risk management consultancy Turnkey Consulting, explains that “from a data protection point of view, employing organisations have to ensure that they’re doing everything in their power to protect sensitive information such as client, customer, and employee data”. 

He adds: “Once data in on an uncontrolled device then many controls no longer apply and the chain of ownership is lost, with this risk increasing if the device is shared amongst other people within a household.”

For Venables, one of the responsibilities firms should take to ensure that devices remain secure is providing training on best practice and cybersecurity, and doing this regularly. Polo concurs, saying employers need to ensure robust security measures are in place – for example, by enforcing password rotation, encrypting hard drives, automatic laptop locking after a brief period of inactivity, using encrypted password managers and two-factor authentication, and creating access roles

Going the extra mile

Getting things right in this respect isn’t only about securing tech and ensuring that workers are up to speed with best practice. It’s also about providing ‘softer’ support, which is arguably just as important as people using personal tech for work purposes, as employees deal with competing pressures around work/life balance, adjust to working in a home environment and maybe also try to manage home schooling.

The average workers is not a tech supremo, and as Brundell points out: “Since the majority of employees will not be best placed to assess the technical security capacity of an individual tool … or to appreciate its interaction with other business systems in play, the employer will generally want to ensure that only authorised technologies are used.”

Polo has some more advice, suggesting employers should “keep your door open in case any of your employees need some extra help … [and] try to facilitate any sort of financial aid if you are in a position to do so”. 

This level of flexibility seems highly appropriate at the current time. If firms are going to support workers who use personal tech for work purposes, then focusing on both the ‘hard’ areas of legal requirements and secure access and the ‘softer’ areas of providing additional support – including financial help with broadband connections and equipment – seems to strike the right note.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

2021 Thales access management index: European edition
Whitepaper

2021 Thales access management index: European edition

7 Oct 2021
2021 Thales access management index: Global edition
Whitepaper

2021 Thales access management index: Global edition

7 Oct 2021
Three tips for leading hybrid teams effectively
Whitepaper

Three tips for leading hybrid teams effectively

5 Oct 2021
Maslow's Hierarchy of Needs and the workplace
Business strategy

Maslow's Hierarchy of Needs and the workplace

24 Sep 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021