Document Security: Surprising Risks in a Document’s Lifecycle
There was a time when all documents in a workplace were thrown into the rubbish or recycling bin – and forgotten.
But not anymore.
This kind of process threatens office information security and creates huge risks in the office document security process.
Here are ‘touchpoints’ in the document lifecycle where confidential information can get into the wrong hands, along with solutions to lower the risks:
- Handling. The risk of a data breach increases when confidential documents are left out in the open – on an employee’s desk or left behind in a meeting room or on a photocopier. Solutions: Comprehensive document management protects information from creation to destruction. Implement a Clean Desk Policy too so that all confidential information is protected in and out of the workplace. Employee access should be based on job requirements. Label documents to be stored by what they contain and when they must be destroyed. Secure storage is key – lock information in a dedicated data room or filing cabinet.
- Recycling bins. When documents are put into open recycling bins, anyone can record or steal the confidential information. According to the 2015 Third Annual Data Breach Preparedness Study by Ponemon, 55% of organisations have reported a security incident or data breach due to a malicious or negligent employee. Solutions: Improve document security management by replacing open recycling bins with locked containers for documents that are no longer needed. The containers should have tamper-proof slots so documents cannot be retrieved. Experts also recommend a Shred-it-all Policy so that all documents are sent for secure destruction – to simplify the process and to remove the risk of employee error.
- Third-parties. There are potential risks associated with partners, contractors, and other third parties. Cleaning staff, for example, may transfer documents in recycling bins to larger bins – and this can expose confidential information. Furthermore, over the past few years, many large data breaches have been traced back to successful attacks on third-party service providers, partners, suppliers, and contractors. Solutions: Monitor third parties for their commitment to security and best practices. The 2015 Cost of Data Breach Study: Global Analysis showed that third party involvement significantly increases the cost of a data breach.
- Recycling or waste bins outdoors. Any confidential information in outdoor bins is of interest to data thieves. Bin raiding is not illegal unless the skip or bin is in an enclosed area or on private property. Solutions: Partner with a document destruction company that securely shreds all confidential information when it is no longer needed.
- Transport. When intact confidential information is transported to a waste or recycling centre, it can get into the wrong hands at any point along the way. Solutions: Partner with a reliable document destruction company that has a secure chain of custody including security trained personnel to collect the contents from locked containers on a regular basis. All Shred-it employees, for example, undergo training to achieve a Certified Information Security Professional designation.
- Recycling process. Information is exposed repeatedly when sent to a recycling depot. Solutions: Partner with a company that recycles paper after shredding it. Customers should receive a Certificate of Destruction after every shred.
Recycling bins aren’t the only risk when it comes to office fraud. Find out other areas where your workplace could be vulnerable.