New year, new start: making information security a priority in 2015
Are you making some New Year’s resolutions this year? As well as making promises to do better in your personal life, why not think about ways to make a fresh start in the workplace – particularly when it comes to information security?
Security breaches in the UK cost over £2.2 million per incident, according to the 2014 Cost of Data Breach Study for the UK conducted by the Ponemon Institute. But they also have massive reputational repercussions that many companies find it hard to bounce back from. If you reflect honestly on your information security solution in 2014, can you think of areas where you could improve?
Shred-it has compiled this handy checklist to help you analyse your information security solution as you head into the new year.
From a physical point of view, does your business:
- have locked filing cabinets for documents that include customer information, employee records, financial data, and other sensitive material?
- use laptop locks that prevent physical theft?
- use secure, off-site storage for documents that you are legally required to retain?
- prohibit the use of unsecured recycling bins at employees’ workstations?
- have secure shredding containers for safely disposing of documents?
- securely destroy old hard drives once they are no longer needed?
- have a secured area that can’t be accessed by anyone without a key or security pass?
From a digital point of view, does your business:
- encrypt smartphones so that data is secured even if the phone is lost and recovered by someone outside the company?
- regularly update your computer software to ensure that security holes are patched?
- back up sensitive data to a secure, off-site storage facility?
- ensure that employees regularly change their passwords?
- prohibit employees from leaving passwords written on their workstations?
- limit access to network folders with sensitive information?
- have anti-malware software installed on all computers?
From a policies and procedures point of view, does your business:
- have rules regarding proper document management that includes storage and disposal?
- have rules regarding the removal of equipment, data and documents from the office?
- have rules regarding proper document management when working remotely?
- train new employees on information security policies and procedures?
- provide regular (semi-annual or annual) refresher training on information security policies and procedures for employees?
- perform information security audits to ensure that employees are following policies and procedures?
- make adherence to policies and procedures part of employees’ performance review process?
If you’ve answered no to any of the questions in the checklist, then there’s definitely room for improvement in your business’s information security practices. The good news is that all of the items featured on the checklist are easily implemented at a minimal cost.
Working with an experienced document destruction and shredding services company can help you identify risks and put processes in place to safeguard confidential information from creation to destruction. Check out our video on how to select a provider that you can trust and that will help you remain compliant with data protection and privacy laws.