The Importance of Keeping Sensitive Documents Safe at Home
As the United States continues to address the challenges brought on by the Covid-19 pandemic, more and more companies are instructing their employees to work from home. Working from home serves a dual purpose: it serves as a social distancing technique to help contain the spread of the Coronavirus and it allows staff to remain productive and continue to earn income. The availability of internet access and technology advances have made it possible for many to perform their jobs from almost anywhere. However, there are a range of privacy and confidentiality concerns for businesses to consider as more staff work remotely.
In the healthcare industry, concerns about exposure to the Covid-19 virus could lead to breaches in the privacy of healthcare information via healthcare workers. Businesses should take this increased risk seriously and be vigilant in reminding staff that disclosure of confidential patient information is prohibited by law. Healthcare staff should also be made aware that accessing confidential files for unnecessary reasons could result in termination, fines, or even criminal prosecution.
Guarding against the accidental disclosure of private information is something that all companies should prioritize while staff is working from home. Staff should be given detailed instructions regarding remote work station procedures. If a staff member experiences technical difficulties, how should they proceed? Working from a family member’s computer or home due to internet access are common scenarios in this unprecedented time. Staff may experience situations that while understandable, could present privacy concerns or put confidential company information at risk. Companies will need to reevaluate their policies and implement updated versions to address the current circumstances. It’s also important to note that reimbursement for internet and other home office items that employees use to perform their work from home may be legally required under some states’ laws.
Tips for a Secure Work-from-Home Environment
- Train remote employees on confidentiality and best practices for securing confidential information.
- Set clear expectations on what staff can and cannot do when working from home.
- Permit access only through VPN or similar connection.
- Require two-factor authentication.
- Supply staff members with secure laptops. There are many software applications available to monitor systems and flag suspicious activity, such as downloading large data files or emailing attachments containing confidential information. These software applications should be installed prior to employees’ possession of the new device.
- Staff should not email company documents to their personal email accounts or transfer data off of the company network.
- Devices should be set to lock automatically after periods of inactivity.
- Instruct staff to be vigilant regarding phishing attacks, especially those using Covid-19 information as bait tactics.
- Confidential information should be password-protected and limit access only to staff who will need access in order to perform their jobs.
- To discourage employees from using a non-secure network or device in the event of technical difficulty, establish a protocol for staff to follow and contact information for IT support. Provide an alternative option until the IT team can find a solution.
- Home internet access can be unreliable. To discourage staff from utilizing less secure work locations, your organization may want to provide incentives for employees to sign up for faster internet services at home.
As employees adjust to working remotely, it’s reasonable to expect a large number of technical questions and challenges. Many companies are now providing an expanded level of IT support with increased hours of availability or contracting with an outside IT support provider for coverage.
Critical reminders to all staff members regarding security practices should be communicated regularly.
- Save company data only on the network, never on personal devices.
- Not allowing others to access the company’s systems, including the personal laptop or device that has access to the company’s systems.
- Confidential corporate materials should not be printed at home unless the reason to do so outweighs the risk.
- Sensitive corporate data should not be saved to personal cloud accounts.
If a remote employee’s employment ends, establish protocols for the return company devices, such as providing pre-paid shipping labels and boxes. Protocols should include the treatment of hard-copy confidential files and records. If confidential files should be destroyed, it’s important to retain a reputable document shredding service who can guarantee secure destruction of the information. Sierra Shred offers confidentiality agreements and provides certificates of destruction to their clients, verifying that all records were destroyed in accordance with state and federal regulations including HIPAA, FACTA, GLBA. Sierra Shred also performs rigorous 7+ year background checks and drug testing by a 3rd party vendor on all personnel.
The country is experiencing a “new normal” created by COVID-19. Just as people are learning to adapt within their personal lives to the changed circumstances, companies and organizations will need to be flexible and adapt as well. However, it’s important that these adaptations to remote working arrangements not sacrifice information security.