By Claire West
As employees around the UK prepare for National Work from Home Day on Friday 24th September, leading information destruction company Shred-it warns that many businesses could be leaving themselves open to unnecessary risks if internal security measures fail to extend to staff working outside the office.
Shred-it has a number of tips for organisations participating in National Work from Home Day:
1. List all information security risks specific to your organisation, targeting both paper-based and electronic information sources; consider every stage of the information cycle, from data generation and storage to the transfer of data from location to location and the information destruction process.
2. Train your employees in best practices in secure information management and destruction. Ensure all employees clearly understand what constitutes confidential information and the consequences to the business if a data breach were to take place.
3. Ensure background checks are undertaken for all employees with access to sensitive data.
4. Limit access to confidential data by handling this information on a ‘need to know’ basis and keep a record of which individuals have access to confidential information.
5. Ensure that there is appropriate protection, such as encryption, for all confidential data stored on networks, laptops and remote access devices.
6. Encourage employees who regularly work from home to consider putting in place a lockable mailbox.
7. Securely destroy all sensitive information - in electronic and paper form — that is no longer required to be kept on record.
8. Ensure that employees return to the office to destroy sensitive documents rather than using strip shred personal shredders which do not meet security specifications.
9. Outsource information destruction to professional providers, who ensure the total security of the information destruction process, and can provide documentation to certify that the chain of custody has been maintained and the work has been completed.
10. Partner with a document destruction specialist to audit your operations to help your organisation identify any gaps in security.