The spread of COVID-19 happened so quickly that businesses of all sizes and across all industries had to scramble to respond. Some non-essential businesses had just hours to prepare their employees before everyone headed home to work remotely for the foreseeable future. Setting up the technology to support temporary remote work may have been relatively easy for your company. Making sure employees are protecting the company’s data security from home may actually be the bigger challenge.
Thankfully, advancements in technology makes temporary remote setups workable for many people. Just about everyone has devices and Internet access at home, so Zoom meetings and remote management software allows teams to stay in touch. For many companies, pivoting to a work-from-home arrangement wouldn’t have been feasible even 20 years ago, when so much of our data was physical and many jobs could only be done onsite.
Questions to Ask About Data Security During COVID-19
To assess how well your company’s remote work arrangement is addressing data security concerns, think about how you’d answer these five questions.
- Is everyone connecting securely? When remote employees connect to their own Internet and all have access to company data, that data is only as secure as the least secure WiFi network. If your company has a dedicated IT department, employees temporarily working from home have probably already been instructed on connecting to a VPN (virtual private network) as an added layer of digital security. In smaller companies, it may be necessary to provide guidance about VPNs and even coach employees on what to do. (Isolation does minimize one major threat to a company’s sensitive data: For the time being, at least, employees probably aren’t connecting to risky public WiFi networks with their work devices.)
- Is everyone on guard for current phishing schemes? Training employees on how to spot and avoid phishing attempts is a basic part of data security best practices. But cybercriminals are constantly evolving, and are trying to capitalize on the fears that people have around COVID-19. If you haven’t already, consider alerting remote workers to be especially cautious about clicking on emails and links that claim to be about the virus. Urge them not to download any files included in such messages.
- Are employees protecting their devices? While folks work at home, their “coworkers” become whoever else is quarantining in the home. It’s pretty unlikely that a roommate or family member would intentionally expose the employee’s data, but this can happen accidentally when work devices are left out. A bored kid who grabs Mom’s work tablet and starts clicking random Internet links could do a lot of damage in just a few minutes. Now might be the perfect time for a refresher on protecting work devices from others.
- Do employees still know how to respond to data security problems? Hopefully, your company already has a data breach response policy that tells employees how to report potential breaches. Make sure that policy is still functional while employees temporarily work from home. Does everyone know who to contact after, say, opening a possible phishing email? Is there at least one backup contact person, in the event that the primary contact becomes sick and isn’t available? What should employees do next after submitting a breach notification? If any of your policies involve steps that won’t work remotely, like requiring people to submit physical notification forms, update them now.
- Have you addressed data destruction best practices? Employees who are temporarily working from home could become a little lax around protecting company data they’re done using. They may print out sensitive documents and then toss them into the family’s recycling bin, or throw away old flash drives in their personal trash cans. If the company hasn’t already communicated about how employees should approach data destruction right now, it’s worth doing quickly. Your company may request that employees shred sensitive documents, or hold onto documents and all data-storing devices until they can be collected and destroyed when workers come back to the office.
No matter how chaotic the last few weeks have been for your business, protecting your company’s data security isn’t something that can be put off until later. Being vigilant about data security means that, when this strange phase is over, the company will be positioned to keep moving forward instead of struggling to deal with the effects of a major breach.
And when you’re ready to securely manage your data destruction needs, Northeast Data Destruction will be here to help you close the loop. By permanently destroying your physical files and data-storing devices, our data destruction services help you keep your company’s sensitive information secure – permanently. Contact Northeast Data Destruction with questions today.