
WHAT CAN BUSINESSES DO TO HELP THEIR STAFF BE COMPLIANT WITH PRIVACY AND DATA POLICIES?
UPDATE OF POLICIES
- Think about your bring-your-own-device (BYOD) policy if employees use their own devices when working from home.
- Highlight public and home Wi-Fi as a threat and explain what staff need to do to use them safely.
- Review and adapt your policies around printing, storing and disposal of paper documents and add a section around storage and disposal of documents in the home office.
- Review your password security policies. The National Cyber Security Centre (NCSC) currently recommends using three-word passphrases rather than passwords. Additionally, you should consider multifactor authentication.
- Your policy should state that before disposing of, selling or donating an old computer or hard drive, all data has to be fully erased from the hard disk.
TRAINING
- Don’t assume everyone understands GDPR. Educate all employees on GDPR requirements, personal data handling and the six principles of data protection.
- Training should be given to all new starters and as part of regular data security refresher sessions.
- Provide a checklist for your employees of areas that could pose a risk for a data breach – you could also let them do a Data Security Health check.
- Make sure your training covers sensitive paper documents and how to handle these, including which documents and records need to be stored for fixed amounts of time and which ones should be destroyed as soon as they are no longer needed.
- Add a training module around data security in the home office that highlights the new additions to your policies.
- Consider an online training portal so you can track the status of everyone’s training and set a fixed deadline.
EQUIPMENT
- To avoid issues with BYOD, we would advise the company to invest in laptops rather than desktops; this way the equipment can easily be taken between the home and the corporate office.
- Invest in superior anti-virus and firewall systems.
- Make sure that your staff has access to a shredder in the corporate office.
- Additionally, employees working from home should be equipped with a small or home office shredder.
- For highly confidential or personal data like addresses, invoices and balance sheets, opt for a micro-cut (P-5) shredder, as the smaller particle size provides superior security, making data impossible to read or recover.
- Ensure a productive and safe workspace for your employees by taking into account jam prevention and safety features when looking for a shredder.
COMMUNICATION
- Communication is key across all levels of the business.
- Avoid knowledge gaps in more junior level positions.
- Data security should be covered in the next site meeting as well as in smaller groups during the monthly team meetings and 1-1 catch ups.
- Put reminder posters up across the business – but also include the update to the policies in your newsletter and post it on your intranet.
- Share best practices and any phishing or cyberattack threats with the business so everyone can watch out for them.
- Make Data Security part of quarterly business reviews.
Here at Don Ruffles, we have a simple compare system where you can identify the best shredders for your staff, whether they are in the office or at home. Simply click on the image below or visit our specialist shredder site here or contact us.