Iulia Rezeanu & Petre Lungu (Rödl & Partner): Protecting confidential information while teleworking

Mihai Cristea 02/02/2021 | 14:33

As per the Romanian law, telework is defined as any work arrangement that allows employees to work outside of their primary worksite at an alternate location, on a regular basis, at least one day a week, pursuant to an approved Telework Agreement.

By Petre Lungu & Iulia Rezeanu, Attorneys at Law, Rödl & Partner Romania

 

Currently, some current studies claim that remote workers are more productive and profitable than office-based employees so, in many cases, teleworking might become a widespread working model even after the pandemic crisis.

A successful implementation of the remote working model implies the following internal measures:

 

Confidentiality covenants and teleworking policies

Employers who have not concluded confidentiality agreements with their employees may consider having employees abiding from rules regarding their obligations to protect the company’s confidential and trade secret information. Thus, rules for handling the company’s confidential information are of utmost importance. Therefore, the telework policy should address the types of information the employer considers confidential, the proper handling of confidential information by employees working from home or remote and the proper steps that need to be taken by such employees to protect the employer’s confidential information.

 

Electronic security measures in place (Hard control)

It is important that employers consider the security of their IT systems. It is known that wireless networks are much easier to breach than an employer’s secure network because personal wireless networks usually have fewer security protocols in place.

Employees accessing the company’s servers remotely are generally granted access to a virtual private network (VPN). A VPN is a private, encrypted channel that will allow employees to directly access a company’s network, while greatly minimizing the risk to the company’s confidential information and trade secrets. VPNs are also beneficial as they allow employers to create and monitor remote workers’ access logs that track files as they are accessed by each employee.

Employers must ensure that only authorized users have access to their systems, networks and databases. To do so, employers could require two-step authentication or instate similar protective measures for remote access.

 

Use of company-provided devices or company systems

If feasible, employers should require teleworking employees to use only company-provided devices or company systems to review, store and disseminate company information.

 

Physical security measures

Teleworkers should be informed that they should lock their computers when they are not in their home offices. They should also make sure they do not leave company information out in plain sight of third parties or in view of computer cameras during video calls. Sensitive information should be subject to a company’s normal shredding rules, and employees should be restricted printing documents at home.

Additionally, special caution must be granted to the physical transport of all mobile devices and confidential information, in any form or medium, from one location to another, whether in your personal vehicle, public transportation or otherwise. As a rule, an employee must maintain personal possession of devices and confidential information at all times; any storage arrangements must be locked and secure at all times.

 

Restricted access, need to know basis

Specific access rights should be implemented, so that access to information is granted on a „need-to-know” basis, with the limitation of access to certain documents and information to particular groups or individuals, entitled by their job description to handling them. There are tools to revoke access to certain protected information if necessary to prevent possible data leaks.

When combined together, strong policies, training, IT security measures and procedures for return of company property can all contribute to reducing the likelihood that employees will jeopardize the secrecy of trade secret information through their actions.

 

Rödl & Partner – The agile caring partner for Mittelstand shaped world market leaders

Rödl  &  Partner  is  an  integrated professional services firm with 109  wholly  owned  locations across 49 countries. Rödl  &  Partner owes its dynamic success in the areas of legal and tax consulting, financial advisory, accounting and payroll,  business management and IT consulting, as well as audit, to the approximately 5,120 entrepreneurial-minded partners and colleagues. Rödl  &  Partner  offers expert advice to international businesses operating in all sectors and industries, by delivering high quality services worldwide and acting as a constructive and successful business companion.

Learn more about Rödl & Partner at www.roedl.com

Close ×

We use cookies for keeping our website reliable and secure, personalising content and ads, providing social media features and to analyse how our website is used.

Accept & continue