5 tips to improve document security when working from home

Experts reveal five ways home workers can improve document security and keep confidential information safe when working from home…

Being away from the office means that confidential information and data is at higher risk of a breach. And with 66% of homeworkers admitting to printing work-related documents since they began working from home, it’s important to improve document security outside the office.

Confidential shredding and records management company Go Shred highlights five ways home workers and employers can strengthen security when accessing confidential information away from the office.

1. Understanding what is confidential

When thinking about how to keep information and documents secure when working from home, it’s worth going back to basics and speaking to employees about the types of data processed within your organisation. The main types of documents you need to consider improving security on are those which contain personal and sensitive data about your customers, your business and each other:

Documents containing personal information about staff and customers are classified as confidential. Under GDPR ‘personal data’ means ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
You should also consider any documents which contain sensitive data. The GDPR rules refer to sensitive personal data as “special categories of personal data”. This category of data can cover everything from an individual’s race, to politics and genetics, and therefore needs extensive protection.
And finally, sensitive business data, which means any documents which may be considered as commercially sensitive or require additional security measures. This includes information relating to Intellectual Property, office plans, office IDs, internal procedure manuals and client contract details as well as commercial documents such as invoices. Shockingly, in a recent survey conducted by Go Shred, 30% of home workers admitted to printing items including contracts and commercial documents.

2. To print or not to print

Interestingly, 41% of home workers recently stated they are aware of the GDPR rules and regulations around printing confidential documents related to work outside the workplace. Still, they have no choice other than to print at home.

The same poll revealed that home workers are printing five documents every week on average. That means that since the government first advised against all unnecessary social contact on the 16th March 2020, home workers have potentially printed an average of 2352 confidential documents to date.

Businesses need to be aware that printing anything from meeting agendas to expense forms, CVs and internal documents could put you at risk of breaching GDPR regulations. Business leaders should consider how they can work with their existing confidential waste management companies to support the correct disposal of these items, with products such as mini shredding bins and remote collection now available.

3. Secure storage

Where the printing of documents containing confidential information is unavoidable, the physical documents need to be secured safely. This means they must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.

With regard to personal data Article 5. 1.e) of the GDPR clearly lays out the principle of ‘storage limitation’, and says personal data should only be kept for as long as is necessary to fulfil the purposes for which the data is being processed.

It’s advised that businesses review their existing GDPR guidelines and refresh these based on the risks faced when working from home. Staff should be encouraged to only store information they have printed in secure locations which cannot be accessed by anyone other than themselves. They should not be left in plain sight or even read in clear view of anyone else outside of the organisation.

4. Confidential waste bins

If sensitive documents need to be disposed of, this also needs to be done securely. They should be shredded or placed in a confidential waste bin. In order to keep this information safe, all confidential waste must be disposed of, collected and then destroyed separately, before it can be recycled.

If businesses have supplied their staff with confidential waste bins for their home offices, they should then be collected and sealed in security bags prior to shredding or collection by a waste contractor. When it comes to the destruction and management of secure information, it’s vital to work with a company that works and operates to the most stringent and appropriate standards. Key certifications and accreditation to look out for include ISO:9001:2015, EN15713:2009, Environment Agency Waste Carriers License and Information Commissioner’s Office Certificate.

5. Keep up to date with cybersecurity threats

Businesses should also be considering how to keep documents and sensitive information safe online. Whilst many staff members are working from home, accessing digital documents can open them up to new hacking risks.

For any information that’s stored digitally, it’s essential to control access by using passwords, firewalls and encryption. This should also be considered for any information which is held on hard drives or USBs.

When using passwords to control access to confidential information, you must ensure that they’re secure and updated regularly. Sensitive information should also only be accessed via a secure internet connection on approved devices. Requiring employees to connect to the same server they would in the office to access or via secure online document storage solutions such as Google Drive, is one way of protecting the information from unauthorized access.

Says Mike Cluskey, Managing Director at Go Shred:

“Working from home demands a different security standard than being in the office, especially when it comes to document security. Although remote working has become the norm for many people, it is still daunting for both employers and home workers to think about GDPR compliance which requires businesses to keep all personal data private and secure.

“Companies of all shapes and sizes need to ensure GDPR compliance and document security, whether you’re a startup or a well-established organisation, sticking within the existing guidelines is essential to avoid fines and reduce the risk of data breaches. We urge business leaders to look at their existing practices both online and offline and consider whether these are still working for their remote staff. Homeworkers should also take extra precautions to make sure they are doing everything they can to protect confidential data and information.”

For more tips and tricks of keeping documents safe when working from home, please visit: https://www.goshred.co.uk/go-shred-blog.html

Feb 16, 2021Chris Price

For latest tech stories go to TechDigest.tv

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.

Cookie	Duration	Description
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
disqus_unique	1 year	Set to record internal statistics for anonymous visitors.
uvc	1 year 1 month	addthis.com sets this cookie to determine the usage of addthis.com service.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
skimGUID	10 years	Set by Slimlinks, this cookie is a unique identifier provided to each device for log analysis to determine the number of unique users for various parts of skimresources.com.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
_ir	session	This is a Pinterest cookie that collects information on visitor behaviour on multiple websites. This information is used on the website, in order to optimize the relevance of advertisement.
__gpi	1 year 24 days	Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads.

Cookie	Duration	Description
wp_api	past	Description is currently not available.
wp_api_sec	past	Description is currently not available.
xtc	1 year 1 month	Description is currently not available.

1. Understanding what is confidential

2. To print or not to print

3. Secure storage

4. Confidential waste bins

5. Keep up to date with cybersecurity threats

Share this:

Like this: