In the second of Accufile’s series on your Written Information Security Program (WISP), we want to explore and educate on how your WISP stands up to the challenges of working from home. (Here’s our earlier WISP post.)

A WISP is a Written Information Security Program mandated by the Commonwealth of Massachusetts 201 CMR 17 (mass.gov) and other states. If your company maintains ‘personal information’ about Massachusetts residents, then you must have certain administrative, technical, and physical safeguards. The regulation spells out exactly what information must be protected by a WISP and what organizations are required to do.

But how does this relate to your employees working from home during this COVID-19 period? The regulation identifies the types of protected personal information. You should become familiar with them. Has your WISP been updated within the last twelve months? If not, it probably does not include all the areas regarding your employees working from home. 

Let us consider a few areas where your WISP may be pushed beyond its limits, and you need to address them when you update your WISP. The inadvertent transfer of ‘personal information’ may be happening more than you know.

• To conduct your business, employees at home may be using their cell phones, personal computers, and possibly their own laptops. They may even be using public Wi-Fi to take that occasional call or email when outside the home office.
• When working from home on a personal device, employees may be saving data to that device and not to your organization’s server. Not only that, but does every employee have a great data backup system on their computer?
• The education for your employees to be GDPR-compliant rests with you and should be addressed in your WISP.
• Your WISP may want to address cybersecurity education by sending out frequent reminders to those working from home to use only company-supported software and tools. Your education should include the signs of a data breach, such as a slow computer, the loss of a mouse’s function, pop-up ads, and new programs on your computer.
• How about Zoom bombing and the sharing of Zoom links? Is there someone else logged in while employees may be talking about personal information or the transfer of it?
• Router security is a key issue as the media tells us that most in-home personal routers are compromised or easily compromised.
• While employees are working from home, have they really deleted the data from their computer or just sent to the recycle bin?

Cordyceps is an ingredient in many eastern generic viagra cialis herbal medicines. As hardness of viagra online click here the penile organ is a sort of barometer that indicates what is happening in the body for men who need it for a shorter period of time so as to b ready to fix your own helicopter. The service is tremendously safe and the clinic completely makes it a private service in order to save the Planet Compost Coffee Grounds. generic viagra from canada Everything viagra cipla in moderation is said to be good for one’s health if it consumed in moderation.

It is apparent that a working from home data security policy should become part of your WISP. There are information governance professionals who do this for a living. Perhaps a call to them is worthwhile.