Combatting the Data Security Challenges of Remote Working
Mark Harper explains the growing popularity of paper shredders with organisations whose staff are continuing to work from home during the Covid-19 pandemic.
It was March 23rd when the government issued Covid-19 guidelines instructing most businesses to arrange for their workforces to work remotely. Over four months and countless video calls later, we’re still here and wondering whether we’ll ever make an official return to ‘normal’.
Throughout this period, creativity has prospered and teams have done what they can to adjust to new working conditions, tackling a list of challenges that span from much changed internal communications, home setups and trying to concentrate on working with children competing for attention! Businesses have in general adapted well. In fact, many temporary arrangements may well now become a more permanent fixture, with many business leaders encouraged by how quickly teams have adopted a new way of working.
It hasn’t all been plain sailing though. Despite worldwide reports of productivity boosts, working from home has presented some demanding challenges, including data security - an underlying issue that must now be addressed promptly and effectively.
Sensitive Data at Home
Working from home invariably means that many workers are without direct, professional support much of the time, which means that the correct handling of data is now much harder to control for businesses. According to a 2020 global research study from Lenovo, 72 per cent of respondents working from home due to Covid-19 were in some way concerned about protecting personal data on their work devices.
Although the respondents of this study expressed concerns about personal data held on laptops and other devices, this does pose a wider question for data security as a whole and the infrastructures that businesses and teams have in place. Workforces suddenly have additional responsibilities in relation to the handling of data and may have largely been left in the dark as to how they should now be dealing with sensitive data from home.
Recognising the challenge organisations are facing, the United Kingdom's Information Commissioner’s Office (ICO) has published guidance on how teams can work from home securely. Using collective information such as this, employers must now remain educated themselves and implement effective data proection procedures wherever needed. Even within the comfort of our own homes, it’s key for all involved to understand their responsibilities and the legal implications of not remaining compliant.
Over the past few years, digital data protection has become more and more part of everyone’s lives, and simple to implement protections, such as two-factor authentification, are now normal procedure for most modern office environments.
However, data handling around paper documents has seen less innovations. Printed documents that hold sensitive data are out of the reaches of most of the digital protections that are part of most people’s IT setups, so what happens with this type of data is even more difficult for organisations to control.
Remote Working Equipment
Many people will now have a printer as part of their home setup, however less people will have an effective means of destroying any personal data that is printed out. The worse case scenario for much of this sensitive data is that it is disposed of in a domestic recycling bin, which is hugely problematic and a clear breach of data protection guidelines.
While there is a responsibility for all individuals to dispose of data securely, there is also a clear responsibility for the organisations that they are part of to give workforces the right tools to be able to do this.
In the UK, Centre for the Protection of National Infrastructure (CPNI) approved shredders are now commonly available for home use, giving users peace of mind within their home office. Ensuring that individuals have a shredder that can shred to P-4 level for general commercial documents or P-5 level for more sensitive data (such as that found in HR and finance departments), is an important step in ensuring compliance.
Moreover, for many documents generated by government sector organisations, CPNI has recently placed restrictions on the use of mobile paper destruction service providers and waste to energy incineration (excluding DSTL) service providers for destroyinb documents as neither technique complies with its secure destruction standard regarding the particle sizes paper media should meet.
As well as having the correct means for destroying personal data, clear guidance on when and how documents should be destroyed is essential. Guiding individuals in how to implement regular reviews of the paper documents they hold, and when these should be destroyed, can ensure that shredders are used little and often and that there is no build-up of data that should no longer be held.
There are new challenges for all of us in the wake of the Covid crisis, so it is especially important that issues such as data security are not lost in amongst all the other challenges we are facing at this time.