WITH THE majority of employees in many businesses forced to work from home since the outbreak of the COVID-19 pandemic, Mark Harper investigates whether or not today’s companies are fully prepared for a new set of data security challenges.
It was on Monday 23 March when the Government issued COVID-19 guidelines instructing most businesses to arrange for their workforces to operate remotely in a bid to halt the spread of the Coronavirus. Nearly five months and countless video calls later, a great many employees remain at home and wonder to themselves whether we’ll ever make an official return to what we might term a ‘normal’ world.
Throughout this period, creativity has prospered and teams have done what they can to adjust to new working conditions, tackling a list of challenges including much changed internal communications, home set-ups and trying to concentrate on the task at hand with children competing for attention.
Generally speaking, businesses have adapted pretty well to the situation. In fact, many temporary arrangements may well now become a more permanent fixture, with business leaders encouraged by how quickly teams have adopted to new ways of working.
It hasn’t all been plain sailing though. Despite worldwide reports of boosts to overall productivity, working from home has presented some demanding challenges, including those around data security. The latter is an underlying issue that must now be addressed both promptly and effectively.
Sensitive data at home
Working from home invariably means that many workers are without direct and professional support much of the time. By extension, this means that the correct handling of data is now much harder to control for businesses. According to a 2020 global research study conducted by Lenovo, 72% of respondents working from home due to COVID-19 were in some way concerned about protecting personal data on their work devices.
Although the respondents to this study expressed concerns about personal data held on laptops and other devices, this does pose a wider question for data security as a whole and the infrastructures that businesses and teams have in place. Workforces suddenly have additional responsibilities to think about in relation to the handling of data and may have largely been left in the dark as to how they should now be dealing with sensitive data from the home environment.
Recognising the challenges organisations are facing, the Information Commissioner’s Office has issued guidance on how teams can work from home securely. Using collective information such as this, employers must now remain educated themselves and implement effective data protection procedures wherever needed. Even within the comfort of their own homes, it’s key for all involved to understand their responsibilities and the legal implications of not remaining compliant.
Over the past few years, digital data protection has become more and more a part of everyone’s lives. Simple to implement protections, such as two-factor authentication, are now standard procedure for most modern office environments.
However, data handling around paper documents has seen less innovations. Printed documents that hold sensitive data are out of the reach of most digital protections that are part of most people’s IT set-ups, so what happens with this type of data is even more difficult for organisations to control.
Remote working equipment
Many people will now have a printer as part of their home set-up. However, a lesser number will have an effective means of destroying any personal data printed out. The worse case scenario for much of this sensitive data is that it’s disposed of in a domestic recycling bin, which is hugely problematic and a clear breach of data protection guidelines.
While there’s a responsibility for all individuals to dispose of data securely, there’s also a clear responsibility for the organisations they’re part of to give workforces the right tools to be able to do this.
Centre for the Protection of National Infrastructure-approved shredders are now commonly available for home use, giving users peace of mind within their home office. Ensuring that individuals have a shredder that can shred to P-4 level for general commercial documents or the P-5 level for more sensitive data (such as that found in Human Resources and Finance Departments) is an important step towards ensuring compliance.
As well as having the correct means for destroying personal data to hand, clear guidance on when and how documents should be destroyed is essential. Guiding individuals in how to implement regular reviews of the paper documents they hold, and when these should be destroyed, can ensure that shredders are used little and often and that there’s no build-up of data that should no longer be held.
There are new challenges for all of us in the wake of the COVID-19 crisis, and it’s particularly important that issues such as data security are not lost in among all of the other challenges we’re facing at this time.
Mark Harper is Head of Sales for the UK and Ireland at HSM
64 High Street