While half of workers frequently work outside the office, 11 per cent said their employer has no security protocols for using work-related electronic devices offsite, according to a new study of Canadian employees by document destruction company Shred-it.
“The study findings serve as a wake-up call for executives, as we see a large portion of employees either working remotely without any strict corporate guidelines or aren’t aware of any existing guidelines on how to store and discard sensitive information,” said Paul Saabas, vice-president of Shred-it, in an email to Benefits Canada.
Indeed, 15 per cent of survey respondents said they don’t know if there are protocols. “Essentially, this should incentivize businesses to not only develop internal policies, but also to effectively communicate them to employees,” he said.
And employees do have concerns about security, with 70 per cent of respondents saying their personal information could be at risk when working offsite, 71 per cent worrying about the safety of paper documents when working offsite and 61 per cent concerned about the safety of electronic devices.
“It’s important for employees to be proactive about how they protect personal and corporate information and know or ask about their company’s guidelines,” said Saabas. “Lack of guidelines or not knowing the data protection guidelines doesn’t waive off liability from their shoulders.”
Although more employers are offering flexible working arrangements to improve employee productivity and work-life balance, data concerns should be actively addressed, he said. “The issue isn’t flexible work arrangements, but having comprehensive policies in place [for data storage], communicating these policies and following them.”
When implementing flexible working arrangements, employers should provide employees with clear guidelines and policies about safe data storage and disposal, said Saabas. “Establish comprehensive information security policies for remote and flexible work arrangements. [Have] effective internal communications to ensure employees are properly trained on policies, are aware of the evolving risks and provide an organizational structure to ensure employees remain compliant.”