Keeping Data Secure at Christmas
During the festive season there are lots of distractions for employees, which isn’t good news when it comes to information security.
The risk of a security breach incident increases when employees use company computers to plan their social activities and do their shopping, for example, or when they get careless with company information outside of the office.
Rather than provide criminals such as identity thieves with an opportunity to feast on private information, here is a review of document management best practices with a spotlight on the importance of secure destruction.
- Put a comprehensive document management policy in place. Every document that contains confidential information should be tracked and secured. Limit access to just the employees who need the information to do their jobs.
- Train staff. According to a Trend Micro-sponsored Ponemon Institute study, employee negligence is the top data security risk in small businesses. Regular staff training about document management and destruction services is critical. It’s also important to designate someone to be responsible for information security and ensuring employees follow policies and procedures.
- Make sure you comply with the Data Protection Act (DPA) and other regulations that may apply to your industry. Half of UK companies don’t realise they could be fined up to £500,000 for breaching the DPA. To date, the ICO has issued large fines for incidents such as lost data storage devices, supposedly securely destroyed hard drives with personal data still on them being sold online and confidential documents being found at disused premises after the occupying organisations had moved out. Partner with a document destruction company that understands privacy legislation.
- Include specific training for the mobile workforce. The Trend Micro research also showed that 56% of employees frequently store sensitive data on their laptops, smart phones, tablets and other mobile devices. To protect information on electronic devices, employees should be trained to remove only the information they need to do their job from the workplace, return all documents for safe and secure disposal, protect devices and information in public places, and use technology safeguards such as encryption software on storage devices.
- Always shred before recycling. Open recycling bins in the office can be a security risk. Paper in unsecured recycling containers can be misplaced or stolen, or it can fall out of the collection vehicle in transit.
- Partner with a document shredding company that has a secure chain of custody. This should include providing locked containers for the workplace, secure shredding on- or off-site, and a certificate of destruction after every shred.
- Implement a shred-all policy. Many breaches are caused by employee negligence. Shredding all documents that are no longer needed helps avoid the risk of human error in determining what needs to be destroyed.
- Hard drive and electronic media destruction must be part of your secure destruction programme. Deleting or wiping sensitive data from computers does not guarantee its permanent deletion. Research has shown sensitive information that had been deleted or erased on hard drives can be recovered. Physically crushing or shredding hard drives and other electronic media is the most secure way to permanently destroy the data.
The festive season should be productive, fun and secure in the workplace – check out our seasonal security infographic for more tips.
Season’s greetings and all the very best for a successful and data breach-free 2015!
Join the conversation on information security with Shred-it on Twitter @Shredit_UK.