Implementing a Temporary Work from Home Policy? Be Mindful of Your Organization's Information Security!

Posted by Ray Barry

In order to prevent the spread of the Coronavirus, many businesses are implementing a temporary “work from home” policy for their employees effective immediately. With the CDC recommendations of “social distancing” and avoiding large groups, several non-medical industries are able to implement this policy without a huge drop in production temporarily.

However, if you are thinking of implementing this policy, you can fall into the trap of making a quick decision without properly communicating the importance of information security. You could limit control of maintaining compliance with data protection regulations (HIPAA, FACTA, GLB, GDPR & State Shredding regulations).

While your employees work from home, please keep in mind your organization is still bound by regulatory compliance and your risk and liability exposure is very high relative to document security. In other words, it is still your organization’s name and reputation on the line if there is ever a security breach or non-compliance. Your organization is then responsible for any possible fines. 

Here are some suggestions to avoid such a breach with a work from home policy:            

  • Have Written Policies and Procedures for all team members to follow relative to document security and information security. Make sure all employees that have access to sensitive information have electronic copies of the policy. 
  • Make sure your company has an Annual Employee Training program on the proper procedures for document and IT Disposal. You should also have each associate sign an acknowledgment form showing proof that they have been trained on the organization’s policies and they understand this is a condition of their employment.
  • Is the Employee training program through an online portal? Do you have proof of completion for each team member?
  • Does your company have a Data Breach Notification Program? Are you prepared just in case? These days it’s not a question of “if” a data breach will happen, it’s a question of “when”!
  • Has your company completed a privacy self-assessment? 
  • PLEASE make sure your work from home employees do not throw sensitive material in the residential trash! Identity Thieves know where to look and residential trash containers are usually the first place they look!
  • Have employees gather all their sensitive documents during the temporary time and bring them to the office when it is reopened. Then schedule your shredding service asap with a NAID Certified company - preferably Shred America. 
  • If the policy is a longer-term situation, you could schedule a day every month your team members can take their sensitive documents to your office parking lot to meet your Certified vendor’s mobile shredding unit, or coordinate a convenient location and time to meet your shredding provider’s shredding unit or collection truck. 
  • Many shred providers also have drop-off service at their offices
  • If REALLY long term (over 3 months)……..Find a NAID Certified shredding company that offers an “express shred service” that provides an off-site destruction solution for residential clients. A few providers also offer On-Site shredding solutions for residential clients, but it is more challenging to maneuver large mobile shredding units in residential neighborhoods. Ask your provider if they also provide bags to collect confidential material.              

Contact Shred America 

Shred America/Carolina Shred can help your organization with every bullet point above including our new V.E.S.T. Data Breach Notification program and our “Shred America Express” program. Please contact us at (866) SHRED US or email us at info@shredamerica.com.

Comments