1. Qualify As An Essential Business
Global crises may require quarantining of personnel and citizens to ensure the minimization of affects. This restriction can make it difficult to perform onsite processes that are required for day-to-day operations. For an organization to continue to operate, it may be vital to be classed as an ‘Essential Business’. Here are some resources to find out your organization’s classification:
- Contact your State/Regional Commerce Department and request clarification on your business classification.
- Contact your industry associations and societies to find out their recommendation for your company.
- Review published guidelines by the State/Regional government.
The classification of a business impacts their revenue and provides a pathway through a global catastrophe. If an organization is classed as an essential business, most regions will require each employee to be provided with a letter from the company stating the ‘Essential Business’ qualification and a window sticker for the employee’s car. This will decrease the law enforcement inquiries with employees.
2. Managing Staff Reductions
A major global event could cause drastic drops in revenue and require businesses to reorganize their human resources. This reorganization and accompanying layoffs will need to be in compliance with government employment laws and the internal data security policy.
The assets of an outgoing employee must be sanitized of all sensitive company data and a report generated of that erasure. In the event of remote employees, the IT assets should be accessed remotely, and the data securely sanitized with WipeDrive. The employee’s mobile devices (phones & tablets) should be included with these IT assets.
The proper removal of data will protect your company from future accidental and malicious data breaches.
3. Access Restrictions
Data centers and warehouses should restrict all access during global crises. This action ensures the protection of data and IT assets in global facilities. This measure can also negatively impact 3rd party service providers and delay the conclusion of pre-determined projects. It is important for service providers to work closely with their clients to discover their timeline for reactivation of the project. Corporations may work with service providers to train internal personnel to perform and complete the projects by the agreed upon deadline.
4. Fallback & Disaster Recovery Site Management
As locations are impacted by global events, it is the duty of the Chief Data Officer to keep records of every system that contains data in an organization. This becomes troublesome when day-to-day operations must be moved to a fallback location or multiple fallback locations due to the global events. The CDO is responsible to track each system in each location and ensure each system is addressed promptly to meet the data security policy. In some events, immediate erasure may not be possible during the incident, but future access should plan for the secure sanitization of IT assets. The locations should be kept secure until further access is possible.
When moving from site to site, it is recommended that systems in-transit be erased prior to transfer in case they are lost or stolen. These systems can be reimaged when they arrive at the fallback or disaster recovery site.
5. Home Office Data Sanitization
When employees move to a home office environment it creates multiple data security issues. Employees should ensure that systems with access to corporate data at home are locked with passwords, VPNs and the office doors secured by locks. We recommend the following additional security measures:
- Print copies should be shredded or collected and then processed at the corporations document shredding facility.
- All company communication should occur when connected to the corporation’s VPN to ensure data protection.
- USB drives and other devices that store corporate data or processed corporate data at home should be addressed to meet the corporate data security policy.
After the global event, employees should report to management all the devices that accessed, stored or processed corporate data and provide an audit report of the device’s erasure and access removal. IT managers are responsible for ensuring all access to data from remote home offices is eliminated. These steps will ensure your data is protected after work returns to normal.
A properly implemented data security policy will address global event procedures and provide clarity in times of disaster. For more information on WipeDrive’s remote erasure capabilities and improving your data security policy, please call 801.224.8900.