Your IT department or consultant has constructed all kinds of systems and processes to keep sensitive information safe. Passwords are changed, backups are kept and strict policies are written. What happens when employees work from home?
Employees may work from home for full days or tote a laptop to catch up for a few hours in the evening. After dinner a teenage son picks up the laptop to finish a paper for school since the family PC is being monopolized by another user. When the employee logs onto the laptop again something doesn’t look quite right. They figure it’s no big deal since they are able to complete their work.
Another employee accesses work on their personal computer at home. It’s easy to email a document or files, pull it up and save it for future use. One night they send a completed document to a few company colleagues who are working on the same project. In the address list they accidentally include a friend, who works for a competitor.
A third employee takes the time to save the files on a portable drive. This worker never saves a file on their home PC hard drive; everything goes on the portable device. The portable drive is on the end of a nice long lanyard with the company logo. After work one day employee three stops at an electronics store for some shopping and realizes afterwards that the drive fell out of his briefcase.
We’ve heard; don’t save sensitive data on laptops, encrypt files and restrict access. In our mobile workforce it’s not easy to enforce these important steps. The more we rush and multi-task the more likely we are to let simple document security measures slip.
I’ve read 12 to 14 page computer use policies that are as dense as the fine print in a credit card agreement. They are written with good intentions to cover every inevitable misuse or mishap. And yes employees have signed forms indicating that they received these policies. How many employees really read them?
In the seasonal rush distributing a few hypothetical situations or real news stories about data disasters will have a greater impact. Don’t wait until a competitor has your new price list to remind employees about the importance of protecting sensitive information.