Fri, May 01, 2020
By: Steve Clopton
We’ve all had to adjust to a new reality thanks to the COVID-19 pandemic. One of the biggest changes has been that many of us are now working from our homes.
For companies who store personal and sensitive data, the challenge is twofold. First, they must figure out the most efficient way for their workers to telecommute. And second, they must ensure the security of the company’s data when people are accessing it remotely.
At Gilmore Services, we have decades of experience protecting files and data. Here’s what you need to know to keep your company information secure.
Create a Written Work-from-Home Policy for Your Company
The very first thing you should do is create a written work-from-home policy that specifies your employees’ responsibilities when it comes to data security. It should include:
- Protocols for accessing your company’s systems and data remotely. For example, you might require employees to use a VPN or dial in through encrypted software.
- Strong passwords and/or two-factor authentication. Implementing 2FA remotely may be tricky, but you can and should ramp up your security measures as much as possible. One option would be to require all employees to increase the strength of their passwords and change them frequently.
- Procedures for regulatory compliance. For example, you might require employees to use HIPAA-compliant technology and deliver sensitive documents to a NAID-certified shredding facility regularly, thereby preventing them from disposing of protected information in their home trash or recycling.
It’s extremely important to spell out your expectations and get every employee to sign off on the new rules.
Conduct Employee Training
Even if you create a written policy for telecommuting, you should still revisit your employee training procedures to ensure that every employee is aware of the new procedures and understands how they work.
For example, you might schedule remote training on new telehealth software or distribute written workflows to show employees how to deal with sensitive information.
Make sure to track all employee training. The best way to do it is to manage training through a secure online portal. If you can’t do that, create a tracking system you can use internally to ensure that every employee has completed the training.
Put a Data Breach Alert in Place
When people are working from home and accessing your data remotely, it’s inevitable that a serious data breach becomes a more likely event than it was before the pandemic. That means you need to be prepared and ready to act if a breach occurs.
The Federal Trade Commission suggests the following steps:
- Create an alert that will notify you immediately of any data breach
- Figure out where the breach occurred
- Stop additional data loss
- Put additional security in place to prevent future breaches
If you have a dedicated IT team, then they may be able to handle this task internally, If not, you should plan on hiring a cybersecurity expert to take care of it for you.
Partner with a NAiD-Certified Data Destruction Specialist
The final thing we recommend is that, if you haven’t already done so, you partner with a NAID-certified shredding and data destruction company.
NAID certification indicates that adheres to the most rigorous standards. Gilmore Services is NAID certified and we can help you:
- Create a system for collecting and shredding sensitive documents
- Image your most important documents so employees can access them remotely
- Adhere to regulatory standards, including FACTA, HIPAA, and Sarbanes-Oxley
We’ll work with you to ensure that your company’s most valuable data and documents are protected, accessible when you need them, and destroyed in accordance with all regulatory requirements.
Conclusion
The global pandemic has made it necessary for companies and their employees to be flexible while still protecting their data. Working with an experienced data destruction company will keep your data safe.
Need help creating a work-from-home data protection system? Click here to learn about our services!