September 2010; As employees around the UK prepare for National Work from Home Day on Friday 24th September, leading information destruction company Shred-it warns that many businesses could be leaving themselves open to unnecessary risks if internal security measures fail to extend to staff working outside the office.
Latest figures from the Trades Union Congress (TUC) estimate that there are 3.5 million home workers throughout the UK. It is predicted that this number is set to rise significantly in support of the event.
Robert Guice, Executive Vice President of Shred-it, EMEA, commented: "National Work From Home Day offers employees the opportunity to experience the benefits that home working offers, including improved life balance and reduced stress.
"Organisations do however need to consider their policies and procedures relating to how confidential company and client information should be handled by staff working beyond the confines of the office.
"Despite efforts to promote the "paperless office" most employees still regularly print off documents containing confidential information, for example to sign them or proof read them. It is vital therefore that they understand the security processes that need to be followed when disposing of these documents both at home and in the office."
Organisations operating in all industry sectors have an obligation to protect the sensitive information their business generates or risk falling foul of data protection legislation. This includes a responsibility for the security of confidential data removed from the premises.
Those found to have committed a data breach now face the possibility of sizeable fines after the Information Commissioner’s Office (ICO) was given, in April 2010, the power to levy fines of up to £500,000 for data breaches to deter organisations from taking risks with sensitive information. This is in addition to the reputational damage caused and associated loss of businesses if the breach were to become public knowledge.
Robert Guice continues: "Small firms must make employee education a top priority to reduce the risk of a data breach occurring. Invoices, company reports, payroll data and customer lists are all highly confidential and need to be destroyed or securely stored.
"Setting out clear guidelines for staff on what constitutes sensitive information and how it should be securely stored and destroyed both in and outside of the office will help to prevent any leaks occurring."
Shred-it has a number of tips for organisations participating in National Work from Home Day:
- List all information security risks specific to your organisation, targeting both paper-based and electronic information sources; consider every stage of the information cycle, from data generation and storage to the transfer of data from location to location and the information destruction process.
- Train your employees in best practices in secure information management and destruction. Ensure all employees clearly understand what constitutes confidential information and the consequences to the business if a data breach were to take place.
- Ensure background checks are undertaken for all employees with access to sensitive data.
- Limit access to confidential data by handling this information on a ‘need to know’ basis and keep a record of which individuals have access to confidential information.
- Ensure that there is appropriate protection, such as encryption, for all confidential data stored on networks, laptops and remote access devices.
- Encourage employees who regularly work from home to consider putting in place a lockable mailbox.
- Securely destroy all sensitive information - in electronic and paper form – that is no longer required to be kept on record.
- Ensure that employees return to the office to destroy sensitive documents rather than using strip shred personal shredders which do not meet security specifications.
- Outsource information destruction to professional providers, who ensure the total security of the information destruction process, and can provide documentation to certify that the chain of custody has been maintained and the work has been completed.
- Partner with a document destruction specialist to audit your operations to help your organisation identify any gaps in security.