Being away from the office means that confidential information and data is at higher risk of a breach. And with 66%1 of home workers admitting to printing work-related documents since they began working from home, experts share their top tips to improve document security outside the office.
Experts from confidential shredding and records management company Go Shred highlight five ways home workers and their employers can strengthen security when accessing confidential information away from the office.
- Understanding what is confidential
When thinking about how to keep information and documents secure when working from home, it’s worth going back to basics and speaking to employees about the types of data processed within your organisation. The main types of documents you need to consider improving security on are those which contain personal and sensitive data about your customers, your business and each other:
- Documents containing personal information about staff and customers are classified as confidential. Under GDPR ‘personal data’ means ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
- You should also consider any documents which contain sensitive data. The GDPR rules refer to sensitive personal data as “special categories of personal data”. This category of data can cover everything from an individual’s race, to politics and genetics, and therefore needs extensive protection.
- And finally, sensitive business data, which means any documents which may be considered as commercially sensitive or require additional security measures. These include information relating to Intellectual Property, office plans, office IDs, internal procedure manuals and client contract details and commercial documents including invoices. Shockingly, in a recent survey conducted by Go Shred, 30%1 of home workers admitted to printing items including contracts and commercial documents.
- To print or not to print
Interestingly, 41%1 of home workers recently stated they are aware of the GDPR rules and regulations around printing confidential documents related to work outside the workplace. Still, they have no choice other than to print at home.
The same poll revealed that home workers are printing five documents every week on average. That means that since the government first advised against all unnecessary social contact on the 16th March 2020, home workers have potentially printed an average of 2352 confidential documents to date.
Businesses need to be aware that printing anything from meeting agendas to expense forms, CV’s and internal documents could put you at risk of breaching GDPR regulations. Business leaders should consider how they can work with their existing confidential waste management companies to support the correct disposal of these items, with products such as mini shredding bins and remote collection now available.
- Secure storage
Where the printing of documents containing confidential information is unavoidable, the physical documents need to be secured safely. This means they must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.
With regard to personal data Article 5. 1.e) of the GDPR clearly lays out the principle of ‘storage limitation’, and says personal data should only be kept for as long as is necessary to fulfil the purposes for which the data is being processed.
It’s advised that businesses review their existing GDPR guidelines and refresh these based on the risks faced when working from home. Staff should be encouraged to only store information they have printed in secure locations which cannot be accessed by anyone other than themselves. They should not be left in plain sight or even read in clear view of anyone else outside of the organisation.
- Confidential waste bins
If sensitive documents need to be disposed of, this also needs to be done securely. They should be shredded or placed in a confidential waste bin. In order to keep this information safe, all confidential waste must be disposed of, collected and then destroyed separately, before it can be recycled.
If businesses have supplied their staff with confidential waste bins for their home offices, they should then be collected and sealed in security bags prior to shredding or collection by a waste contractor. When it comes to the destruction and management of secure information, it’s vital to work with a company that works and operates to the most stringent and appropriate standards. Key certifications and accreditation to look out for include ISO:9001:2015, EN15713:2009, Environment Agency Waste Carriers License and Information Commissioner’s Office Certificate.
- Keep up to date with cybersecurity threats
Businesses should also be considering how to keep documents and sensitive information safe online. Whilst many staff members are working from home, accessing digital documents can open them up to new hacking risks.
For any information that’s stored digitally, it’s essential to control access by using passwords, firewalls and encryption. This should also be considered for any information which is held on hard drives or USBs.
When using passwords to control access to confidential information, you must ensure that they’re secure and updated regularly. Sensitive information should also only be accessed via a secure internet connection on approved devices. Requiring employees to connect to the same server they would in the office to access or via secure online document storage solutions such as Google Drive, is one way of protecting the information from unauthorized access.
Mike Cluskey, Managing Director at Go Shred said: “Working from home demands a different security standard than being in the office, especially when it comes to document security.
“Although remote working has become the norm for many people, it is still daunting for both employers and home workers to think about GDPR compliance which requires businesses to keep all personal data private and secure.
“Companies of all shapes and sizes need to ensure GDPR compliance and document security, whether you’re a startup or a well-established organisation, sticking within the existing guidelines is essential to avoid fines and reduce the risk of data breaches. We urge business leaders to look at their existing practices both online and offline and consider whether these are still working for their remote staff. Homeworkers should also take extra precautions to make sure they are doing everything they can to protect confidential data and information.”
For more tips and tricks of keeping documents safe when working from home, please visit: https://www.goshred.co.uk/go-shred-blog.html