Your dentist can’t perform a root canal remotely, and your handyman probably doesn’t offer telecommuting service. But, if you work in an industry that doesn’t require everyone to be on site all day, your organization probably has employees who work remote, at least occasionally. And if it doesn’t, it probably will soon.
A Gallup poll found that 43 percent of American workers said they had worked remotely at some point during 2016. That was a 4 percent increase over 2012, unsurprising considering that many workers cite flexibility as a top professional priority. Offering a remote option is a key way that businesses can attract top candidates—but when your employees take sensitive documents home and keep their laptops and thumb drives in their cars, how can you be sure your company’s data is protected?
Setting Up Safety Procedures
According to Massachusetts regulations, it’s your company’s responsibility to create a Written Information Security Program (WISP), which should spell out the policies that your employees must follow to safeguard data. But your WISP may not provide enough guidance about how your remote workers should conduct themselves on a day-to-day basis.
Your company may want to create a handbook or a training module about data protection, to be provided for all new employees—remote and otherwise. Those materials would instruct employees about topics like choosing hard-to-guess passwords for their devices, keeping track of small items like thumb drives and using other safeguarding measures so that, if those devices are ever stolen or lost, strangers can’t easily access any information.
Your company’s IT department should also be instrumental in setting up remote workers with access to encryption software, cloud-based storage networks and other secure communication channels. Unless your remote workers are fluent in tech security, your IT specialists may need to do a good deal of one-on-one training to get new remote workers up to speed.
Safely Disposing of Data
As long as your employees are trained well, your data should be safe in their home offices. But it’s more vulnerable when remote employees take their work devices or files out of their homes, replace outdated devices or need to return work items to you.
It’s essential that your company carefully manage the chain of custody for any items that have the capacity to store data. That means coaching your remote workers about never leaving their devices unattended in their cars or public places.
Remote employees should also be trained about how to appropriately dispose of any electronics that can store data. Laptops, phones, thumb drives, printers, fax machines and badges with electronic components are all vulnerable to data theft. Although shredding is the most effective way of completing destroying data, your company may decide to ask remote workers to wipe their old devices using AirWatch or a similar product if the product still has some life to it.
But the best way to make sure that your company data is truly destroyed is to control the destruction process yourself. That may require paying for employees to personally deliver old files and devices to your office when they’re no longer needed so you can arrange to have them disposed of properly by a trusted data destruction company.
Trusting remote workers to manage their own workloads is a risk that most companies can take. Trusting them to protect company data on their own is a risk most can’t afford. Your company must assume ownership over that data and make sure it’s completely destroyed once it’s no longer needed.
Once all that data is back in your office, Northeast Destruction can help you securely dispose of it. Contact us today for a quote.