Your Information Security Plan: How to Make 2016 a Data Secure Year
In 2015, 90% of large organisations and 74% of small ones surveyed in a study by PricewaterhouseCoopers (PwC) suffered at least one security incident. With the risk increasing constantly, it’s a good time to assess and improve your organisation’s information security policies and data security plan to get 2016 off to a secure start.
Here are 12 best practices that improve data security.
- Put information security in the budget. Despite the alarming frequency of data breaches and cyber-crime, research shows that organisations may not be increasing information security spending accordingly. The Global State of Information Security Survey 2015 by PwC showed that for the past 5 years, the average security budget has been at just 4% of overall IT spending.
- Do a security risk assessment to identify where your company may be at risk of becoming a victim of fraud or identity theft. Do this regularly.
- Appoint someone to be in charge of information security. As a blogger at securityintelligence.com points out, information security is not simply a technology problem. “The CISO must drive the information technology and security education of the workforce.”
- Adopt a culture of security that sets the tone from the top down that information security is a priority. Policies and procedures should include comprehensive compliance standards. All suppliers, including your shredding services partner, should have procedures in place that maintain information security too.
- Provide employees with ongoing information security training. According to 2015 Ponemon research, human error was responsible for 28% of security incidents. Training must target unsafe employee practices.
- Create best practices for your mobile workforce. Time and again, security experts cite the importance of secure work habits for employees who work outside of the office.
- Monitor data protection legislation that affects your business, and work with third-party suppliers who do too.
- Invest in the most up-to-date IT system tools to detect and reduce the risk of security vulnerabilities. Cyber security needs change constantly as new threats evolve.
- Make information security of both electronic information and paper documents a seamless part of the workplace. Create a document management process with clear retention and destruction procedures. Implement a Clean Desk Policy. Partner with a document shredding supplier that provides locked consoles for easy disposal of sensitive documents or electronic media.
- Introduce a Shred-it all policy so that all documents are securely destroyed when they are no longer needed – and employees don’t have to decide which documents contain confidential information.
- Don’t stockpile old electronic equipment. Research has shown the only way to guarantee destruction of information on data storage devices is to destroy them. Speak to your document destruction services provider about e-media and hard drive destruction.
- Create an emergency response plan. Industry experts say it’s also important to practise putting the plan into action so that all employees know what to do in the event of a breach.
To start your New Year free from clutter and with improved document security, be sure to dispose of any confidential documents securely. Learn more about how to choose a secure document destruction service provider in this factsheet.