Having clear data and document security policies and procedures sets the table for all other matters. These governance documents need to cover how records and information are managed, including details about record retention. A section covering device security should explain what, if any, records can be copied to a personal device and what, if any, records can be sent to a personal email address. What about the use of flash drives? Furnishing reminders on a regular basis can help reinforce overall data protection measures you already have in place.
Although the procedures should hold true regardless of where the employee is doing their job, working remotely does present some unique challenges. For that reason, you might want to create a special section devoted to situations an employee might face at home. For example, is it ok to print any document at home or do you want to place restrictions on the kind of document that can be printed?
Other guidance to be included in the “working remotely” subsection of data/document security policies should cover the handling of sensitive documents. Is using a home shredder acceptable or do you want to require locked storage of those documents until the employee returns to the office? The so-called “clean desk” policy — all documents and work devices are locked away when not in use— should apply to both the office and in an employee’s home; it’s essential in a busy household with children and pets.
Looking now at software and network concerns, making sure all software is up to date is always important, and especially so when employees are accessing your company’s network from home. Updates not only fix small bugs, they also address security vulnerabilities. The next consideration is how employees access the network. You should definitely have a Virtual Private Network (VPN) set up, with everyone on the same page about when to use it. The simple answer is: Always! There might be times when someone needs to briefly do some non-work activities, like checking for messages from their child’s school. Those new to using a VPN might think they need to exit the VPN and reconnect later, but that defeats the network security power of a VPN.
The importance of protecting data and documents cannot be overstated. Data breaches can lead to expensive fines, legal actions, and damage to a company’s reputation. With solid data and document security policies in place and easily accessible by employees, coupled with important reminders, you have taken the right steps to protect confidential and sensitive information about your company and your customers, even when your workforce is working remotely. For additional security measures you might want to put into place, you can talk to Higher Information Group. We’re ready to help.
