Thousands of businesses are storing terabytes of confidential business and personal information on laptops, PDAs, removable disk drives, flash memory cards, etc. This has led to a spate of highly publicized security breaches involving the loss or theft of equipment containing customer records, Social Security numbers, drivers’ license numbers, and so forth – that have cost companies millions in legal damages – not to mention loss of reputation.
More and more companies have plans to keep these devices secure on the job. But what happens when workers use them away from the office? To help protect the confidentiality of data on portable electronic devices when used off premises, we’d suggest this 10 point program:
- Install virus, spyware, and firewall software on these devices.
- Add remote tracking devices (where feasible). For example, when a laptop accesses the Internet, its location can be tracked.
- Set security standards for devices when being transported. Require laptops to be carried in a discreet bag that’s not easy to spot as containing a computer. Apply stricter standards to travel outside your state or while abroad.
- Prohibit disabling security. Instruct employees not to disable any security measures used to protect confidential data on devices.
- Require erasure of confidential data contained on the device.
- Delete or destroy data on personal devices when they’re discarded and then destroy the device, – overwrite data or erase data.
- Ban personal recording devices (such as thumb drives, iPods, or camera phones) or portable devices to maintain confidential records.
- Require confidentiality usage agreements for all employees with access to portable devices.
- Inventory all devices that contain confidential records, e.g., laptops, wireless devices, removable disk drives, memory cards, or PDAs.
- Set and enforce disciplinary policies for any violations of the policy.
Our risk management professionals would be happy to help you develop and manage an off-premises data security program – feel free to get in touch with us.