Global menu

Our global pages


Coronavirus – Remote working security – France

  • France
  • Coronavirus
  • Coronavirus - Country overview
  • Coronavirus - Workforce issues


On 1 April 2020, and in the context of the COVID-19 crisis, the French Data Protection Authority (CNIL) has issued guidelines on remote working, to guarantee the security of information systems and of the data processed.

Remote working during coronavirus: best practices for employers in France

The CNIL recommends that employers have a remote working IT charter in place, or at least a set of minimum rules that the employees must abide by when working remotely.

If the existing rules should be modified to allow remote working, the employer should conduct a risk assessment and implement appropriate mitigation measures to lower any potential risk.

In addition, all of the employees work stations should be equipped with, at least, a firewall, an antivirus and tool blocking malicious sites. Where possible, a VPN should be used, with a two-factor authentication mechanism.

Where companies services are delivered on the internet, the CNIL further recommends using protocols ensuring the confidentiality and the authentication of the receiving servers, such as HTTPS for websites and SFTP for file transfers.

Equipment and software used should be protected against the latest software vulnerabilities. The CNIL recommends to visit the CERT-FR (Computer Emergency Response Team) website, which gives regular updates on the latest software vulnerabilities (site is available here).

In addition, a two-factor authentication mechanisms should be used, logs of access should regularly be verified in order to detect suspicious behaviour, and unsecure server interfaces should not be made directly accessible.

Remote working during coronavirus: best practices for employees in France

Employees should follow their employer’s instructions at all times, and strictly apply the IT charter that is in place.

In addition, where using their home Wi-Fi, employees should turn off the WPS function and activate an encryption system (WPA2 or WPA3) with a robust password. The WPS function should be deactivated and the guest Wi-Fi deleted.

Employees should use the device and the VPN provided by their employer. If they are working with their own device, employees should make sure that it is sufficiently secured, particularly by installing a firewall and antivirus protection. Only applications authorized by the employer should be installed on the device.

Finally, employees should not transmit confidential data through consumer services unless such data is encrypted, and be vigilant to phishing attempts which are particularly high in this pandemic context.

Contact and employment lawyer in France today