Remote working has become the new norm for many of us. This brings with it the threat of data breaches. Employees are taking their work outside of the office and this brings a whole new range of risks with it.
Remote Working Security Policy
First and foremost, policies need to be updated to include
remote working, including dealing with confidentiality and digital security. To
begin with remote working seemed like a temporary solution however it is fast
becoming a fixture in the lives of Irish employees and it is set to continue
for many regardless of the restrictions in place.
Preferably an employee should have separate devices for work
and personal use. This is not always an option, if an employer is relying on
the employee to use their own devices then they need to ensure that their
security protocols are up to date.
As we know having a regularly scheduled shredding service is
of great benefit to a business. With employees scattered here and there, now
there is a higher risk of documents being disposed of incorrectly. Carting
documents to a location to be destroyed is not particularly secure either. We
currently collect from home offices and households and it is so simple to set
up. Just order
your bags and then we will schedule a collection.
Training employees in GDPR is essential and with the new
expectations that come with remote working their training needs to be
customised to suit this new way of working. Employers should be in regular
communication with their team members to review policies and smooth over any
issues that arise. Regular meetings allow a platform for free communication
between all staff members.
Clean desk policy
Preferably an employee should have an office space or
isolated room in which they can work. However due to living situations being
unpredictable there are a few things your employee can be encouraged to do. Try
not to access any data when someone else outside of the company is in the room,
always clear your desk/workspace even if just going for a cup of tea. The
device being used for work should be password protected. If documents need to
be printed, they should be securely locked away.
Ensuring that the Information is Treated Confidentially
Companies need to take into consideration whether it is absolutely necessary for staff to take home or access hard copy files. When it isn’t needed then scanned copies that can be accessed from their devices should suffice.
When a hard copy is required a record of any documents taken home should be kept and your employees need to be able to confirm that they are stored or disposed of in the correct manner.
Employees will need to be trained in cyber security, in particular logging out of their device when it is not being used and ensuring the location which the data is being accessed is secure and private.
Refresh your staff’s training in the existing data protection policies in place and understand that their confidentiality obligations are still in place when working remotely. If there are any amendments to policies to allow for remote working staff should be informed right away.
Protecting the Organisation Against Cyber-attacks
Assess your current security procedures and ensure that all of these are being implemented regardless of remote working.
Encryption is a valuable tool in blocking outsiders from accessing any data even if a device is stolen or lost. If the worst does happen the device should be accessed remotely and wiped.
Members of you IT team should communicate with other staff on how best to remain secure and alerting them of particular scams that are circulating etc.
Even with the upheaval at the moment with all that is going on in these unusual times GDPR is still a priority. Many things have changed but that has not. If you need any advice please feel free to contact us.
Currently we are all being encouraged to work from home. While that is not always possible, for those that can there are important points to consider when working remotely in order to securely manage data. Here are 8 strategies I found particularly useful.
personal and work separate and stick to your own devices.
Try to have separate devices for your work and personal life. Having a
dedicated work device is much more secure for the company. While not always
possible best practice would be for the company to supply the required devices.
Cyber security policy. Have a clear expectation for cyber security when working from home. If the
company has their own devices this can be easier to control as they will be
responsible for virus protection software and how files are encrypted etc. This
is not always possible therefore it is necessary to check the state of the
device an employee will be using. Are you assured that their virus protection
is up to the standard necessary?
open unfamiliar emails, files or links. Opening things from unfamiliar sources can be catastrophic when working
from home. Your clients and employees are instantly put at risk and there is a
multitude of methods that can be used to steal data from them.
your data. Encrypting data means that if a person doesn’t have the correct passcode
then they cannot read the data. When working from home, data will regularly be
sent back and forth between employees, if it is encrypted it is less likely to
secure password. Your password cannot be simple. It needs to consist of uppercase and
lowercase letters, symbols and numbers. It is best if the password has no
connection to the person or company e.g. shredding1 would not be the best
choice of password for me.
with the updates. Regularly let the computer do updates. Updates are vital for ironing out
glitches and security risks that have been identified.
connect to a public/open network. If you require internet and you are out and about away from home and work
then using your phone as a hotspot is a better solution than connecting to an
open network. Connecting to an open network can allow anyone on that network to
access your data.
data regularly. Some viruses are destructive and may not even steal any information. There
are viruses that allow files to duplicate until your pc is so packed that you
can’t even turn it on. Others aim to wipe your entire hard drive. Always back
up your data to a secure drive. Either an external hard drive or a cloud-based
file system that the company uses.
Should the worst happen, and the data is compromised it is
important to report it to the relevant authority within your company.
Due to the events of recent months our definition of normal
has shifted. Where possible we need to stay away from others. For any working
environment to be successful communication is vital and now many of us are
searching for alternative ways to do this without putting ourselves or anyone
else in danger.
Remote meetings allow this. Body language is a large aspect
of how we communicate therefore video conferencing is a useful tool in
facilitating this. It is however very different to being at a meeting in person.
To get through any meeting smoothly and successfully here are a few tips I have
1. Have an agenda
In advance of the meeting prepare the topics and points that need to be discussed and share them with your colleagues who will be involved in the meeting. This will keep the conversation on point and reduce the chance of straying too far from the topics that need to be discussed. It will also let others consider what they need to share in advance.
2. Be on time
Set a start and end time so there is no confusion. It can be hard to gauge when to wrap up a remote meeting. Setting a specific time will allow for a less awkward ending to the meeting.
3. Record the Meeting
It is inevitable that someone will miss the meeting, having it recorded is convenient for the absent colleague to catch up on the points discussed. They can easily view it in a higher speed to quickly get through it.
4. Communicate with Purpose
Not everyone will have superb internet, and even if they do delays are inevitable with so many people in the one conference call, therefore allow for silence after asking a question. Pause longer than normal when opening the table for discussion rather than assuming everyone’s silence means they are ready to move on. When speaking directly to someone use their name, in person looking at them would be sufficient however on video chat it is not possible to know who anyone is really looking at.
5. Quality Audio
There is nothing as bad as trying to have a group discussion when one person’s mic is constantly emitting background noise. Have a headset, preferably a good quality one with a microphone. If you must use an on-board microphone wear headphones so that there is no echo. It is not always possible to be in a quiet area especially working from home so muting your microphone when not speaking or having a push to talk option can be useful in this situation.
It is impossible to control all aspects of the meeting.
Someone may lose connection to the internet or have problems using the software
you agreed upon. So many times, I have had everything perfectly set up for a
conference call and someone’s mic refuses to work without any logical
explanation, by someone I mean me. Following these strategies will improve the
quality of your meetings but there is a need for flexibility that is not always
accepted or required in the office.
Covid 19 has triggered the worldwide stock markets to crash, which means you will be affected regardless of whether you get the virus or not. It has infected us all; it has changed the way we live and now the world feels smaller than ever. It is a dire situation, however how we deal with it can mean the difference between utter despair and hope for the future. The sheer community that is now finally visible among the people of the world is an optimistic result to come from this. While we are all keeping our distance physically, we have never been more connected.
entrepreneur there are many choices you must now make, should I stay running as
normal? How can I implement procedures to reduce risk to my employees and
clients? Will my business survive this? There are decisions to be made which
may seem impossible but there are options, there are possibilities.
Changes need to be made in how we work and how we conduct our day to day business. Working from home, while not always possible, can be an option for many people. If your business is very computer based and relies heavily on this regardless of what is going on in the world, is it possible to maximise this to your benefit and the benefit of your team. Can you remove physical interaction entirely? We now have so many options for conducting business online, from apps for meetings to document editing software that allows collaboration across the seas if necessary. Digital data can be destroyed in a similar way to our paper documentation. We have a hard-drive shredding servicewhich is available in order to remain GDPR compliant regardless of the method you use to conduct your business; digital or paper.
Not everyone can work from home and not everyone can remove
paper or physical contact from their company’s daily activity. You still have
power to put procedures in place which ensure safety among your employees and
consumers. Posters informing all who enter the premises of best practice for
avoiding infection i.e. Hand-washing techniques, sanitising work stations
regularly, keeping distance and respecting social distancing. Providing
anti-bacterial hand wash and sanitisers by sinks and at work stations if
possible. Ensure that all employees are
respecting these procedures explicitly. If you are a large organisation with
enormous traffic, cleaning regularly will be required. Allow for a slightly
slower pace since all these things will take extra time and require diligence.
If an employee is unwell ensure they are aware that they must stay home
regardless of how minor it seems, this virus appears in a variety of ways and
some may not think they have much wrong with them. Communicate policies in a
clear and calm manner, your employees are just as anxious about this situation
as you are and adding to the fear will not be beneficial in the long run to you
This virus is rapidly changing our economy daily and it will
be the same for anyone trying to keep a business running through this time.
Daily reports are a necessity in order to keep on top on the rapidly altering
situation. These reports will inform your next step. We have to all take this
one day at a time and be ever changing in order to keep up.
This virus attacking the world right now is a temporary situation, however the impact of this will be visible for many years to come. In most cases your business will be permanently affected. You will need to plan ahead and prepare for the future. In general adapting is how we will get through this. Humans are designed to adapt.
Shredding your own documents is all well and good however there are many negatives to this which may make you reconsider. Bulky paper shredders with fed up employees shredding for hours, wasting time and money and possibly raising their stress levels to the point where their loyalty may be tested to the extreme. Then the paper gets stuck or some other maintenance issue arises. The shredder is left to the side until someone can get around to having it repaired and the paper begins to pile up and up.
Personal paper shredding costs your company more money. You will have to fork out for upkeep and repair, which doesn’t even take account of the employee you will have to pay to operate it. This employee will have to be someone you trust completely. There is no need to even consider procurement fee, equipment upgrades, electricity consumption, labour etc with a contracted shredding company.
Certification for Compliance.
To make in-house paper shredding a policy within your business, you will need to have a safe and accurate document destruction strategy. Additionally, you must record the removal and destruction of records in question, otherwise you and your operator become liable. A contracted shredding company takes on all of these associated risks so you and your team don’t have to.
Reduce risk of employment fraud.
A business seldom hires a specific team or employee to feed the shredder and ensure the destruction of the documents. The operator is typically an employee who works unaccompanied and there is no supervision in place. An untrustworthy employee can be a risk when they see the possibility of a lucrative way of making money in selling personal and confidential information. In-house shredding increases the risk of employment fraud unless you put safety measures in place. With outsourced shredding, destruction of documentation is always observed and documented from the moment the documents are lugged from the location to the time they are securely destroyed.
Correct Disposal of Data.
In-house shredding usually translates to materials ending up in
normal waste. When the shredder bag gets full or if the shredder breaks down, sometimes
the temptation to throw things in the normal rubbish can be too high. With
outsourced shredding services there will be secure procedures put in place in
order to ensure something like this will never happen. The paper is securely
destroyed and disposed of, eradicating any possibility of data being salvaged
from the waste.
It is clear that contracting outside of your company is safer than in-house shredding. When a corporation does this, they are eliminating the risks of data being released into the wrong hands.
We here at Security in Shredding were absolutely delighted with the turn out for our free shred event which took place on Saturday the 1st February. Our team shredded in excess of 5000 Kgs of sensitive data and 60 Hard drives.
It was a very positive experience over all, regardless of the weather. It gave us the opportunity to raise awareness of the importance of complying with GDPR and what it is to have piece of mind that your data is securely disposed of.
On the first of February 2020 there will be a free confidential paper shredding event taking place at Mungret Recycling Centre, Bunlicky, Co. Limerick to celebrate Data Protection Day. The one-day event takes place from 11am until 3.30pm.
Security in Shredding in conjunction with
Limerick City and County council are facilitating the ‘Free Shred Event’ to
celebrate European Data Protection Day 2020. We wish to promote awareness of
General Data Protection Regulation (GDPR) and encourage good waste management
Security in Shredding staff will be onsite
to destroy up to four hard-drives per individual attendee free of charge in
addition to up to four bags of confidential documents free of charge. We are the
first Irish Data Processor to design and introduce a mobile hard-drive
Householders and Small to Medium Enterprises are encouraged to bring a maximum of four bin bags of confidential paper material. Confidential material can include personal information, bills, customer records, insurance records and income statements, to be shredded on site on the day.
Albert Kelly, General Manager of Security
in Shredding said: “It is an event we have been running in conjunction with
Limerick County & City Council for the past five years to celebrate
European Data Protection Day and we are delighted to provide such a great
facility to businesses in the region. Not only are we creating awareness of The
GDPR Legislation, providing a facility to securely destroy both paper and
Hard-Drives for business, but we are also protecting the environment. We are
thrilled to have built such a great relationship with Limerick County &
City Council for the event and we will continue with the event into the future”.
Consumer confidence is lacking in recent years mainly due to
scandals that have exposed that some of the most popular brands are actually
failing their clients in keeping their word. Therefore, it is more significant
than ever before to portray a trustworthy and reliable stance in relation to
all aspects of your company. A good start to this is to ensure you have a
regular document shredding service.
Security is the basis for confidence
Data security is a vital for all businesses, irrespective of
industry or customer base. Consumers need to trust those who they share their
information with, without the basis of trust, there can be no transaction. This
is evident when we look at cases of data breach in the past, large brands have
come tumbling down due to various scandals over the years. Therefore,
industries need to be able to demonstrate that they can handle, store and
dispose of their consumers’ information in a secure manner. Secure document
shredding services are a perfect way to do this. It is paramount to display to
your customer base that there is a standard in place to achieve this level of
security. This will build confidence in your service/brand.
There is an exceptional number of waste paper passing
through our offices every day. Allowing this to end up in general waste is just
irresponsible. Not only can it cause serious issues with data breach it also is
not environmentally friendly. Your shredding service can provide you with the
peace of mind that all your documentation is securely destroyed and recycled.
You are not only protecting the security of your company you are also
protecting the world we all live in. The greener your company can be while
protecting the clients you value the more trust you will build.
No one questions the necessity of secure paper shredding for documents such as a person’s financial, medical or legal details. However, they are not the only papers that require elimination in order to protect sensitive data. If you are having a company come to shred on site or off site, for your own sake and to get the most out of your document destruction service, it is important to know what documents specifically require shredding.
Sometimes they will include part of your account numbers or
card numbers and even part of this information being leaked can give those out
to do your business harm a leg up.
Job Submissions & CVs
Countless businesses retain applications and CVs of individuals they did not employ at the time they applied, but would consider down the line should the need arise. When this document is eventually no longer needed, it should not be merely thrown in the bin. It requires shredding as it contains personal information.
Old Bank Statements & Credit Card Bills
It is important to treat your company’s financial information as delicately as you would anyone’s personal financial information. When records are no longer required, it is time to shred.
Sensitive Information for Marketing & Research on the Competition
This is information that you do not want to fall into the
wrong hands. It could easily be misused should an employee’s loyalties drift
from the company.
Old Utility Bills
These bills have your account information on them therefore
they can be misused by those wishing to do your company harm.
Old Personnel Files
You are entrusted with very classified personal information about your workers. It makes sense to keep certain accounts of past employees as you may be requested for a reference however only keep the necessities.
Out of Date Service Contracts
Those that scam have discovered numerous methods of impersonating legitimate service providers. Allowing your old contracts to be disposed of incorrectly will give them another advantage.Always make use of your document destruction service.