Guidelines for Information Security and Records Management for remote workers

Whitepaper

With so many employees now working from home, Iron Mountain is sharing best practices for maintaining the security and privacy of your information during this unprecedented time.

8 April 202012 mins
Guidelines For Information Security And Records Management For Remote Workers

Organisations around the world are facing new and unparalleled challenges related to the COVID-19 pandemic. With so many employees now working from home, Iron Mountain is sharing best practices for maintaining the security and privacy of your information during this unprecedented time.

Whether in an office or your home, how you manage records and data is no different - all employees must comply with organisational policies. Given the circumstances, employees could be preoccupied with managing through the crisis and need clear communication and reminders on policies and procedures.

“It’s important to remind employees working remotely of best practices for information management and security. In stressful times, people find workarounds, so keep the communication simple and specific.”
Arlette WallsIron Mountain, Global Records & Information Manager

POLICIES

Ensure policies are available to all employees - remind them where they are located on your intranet. Communicate to all employees - when in doubt, refer to the policies for:

  • Records and Information Management
  • Security
  • Privacy
  • HR remote working guidelines
  • Device security, including:
    • acceptable use of devices and handling of information
    • records copied to a personal device
    • records sent to a personal email
    • home printer drivers
    • use of flash drives

Be sure to publish contact information to answer questions and address concerns.

SECURITY

While working remotely, employees need to be extra vigilant regarding the security of information and devices.

  • Protect your devices from unauthorised access by storing them securely when not in use.
  • Do not share devices or your login and password information with people in your household.
  • Save all content to your designated network, not to your desktop.
    • Information saved to your desktop is not securely stored and protected.
  • Refrain from printing records/documents.
  • If you do need to print, keep these documents secure:
    • Do not throw your organisation’s paper records/documents in the trash or recycle bin.
    • Retain printed documents in a secure place until you can:
      1. Return to the office and place in a secure shred bin.
      2. Shred on your personal shredder, according to your organisation’s shred-spec policy.
  • Whether working from home or in a public place (as allowed under COVID requirements) use a secure connection rather than a public WiFi connection.
  • Use privacy screens to protect your information.
  • Train your employees to be hyper alert to cyberattacks, ransomware and phishing emails. Warn employees that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.

PRIVACY

If handling/using records with personal data, you must be mindful of compliance requirements; the information must not be made available to any unauthorised people. It is essential that private and sensitive data, as well as intellectual property, are not exposed to any risk of potential data breach or misuse.