How to create a Total Security Culture in your workplace
Thankfully, most companies in the UK have an existing procotol in place for the storage or disposal of confidential data and the numbers are growing, particularly for SMEs (68% in 2014 up from 60% in 2013), according to our 2014 State of the Industry Report.
However, having an information security policy is one thing but can you confidently say that all your employees not only know and understand your organisation’s security policies and procedures, but truly commit to them and implement them correctly? To succesfully implement a total security culture a strong shift in the attitudes of employees is often required.
It’s essential that organisations reinforce the importance of robust information security with their staff and remind them that there are both business and personal repercussions to being lax with confidential information. Data security is now more important than ever for UK businesses looking to protect their financial standing and corporate reputation. The potential costs of a data security breach could run into millions of pounds, leading to dented credit ratings, angry or lost customers and irreparable damage to client trust.
One important aspect of this cultural shift is moving away from the notion of ‘document disposal’ to ‘document destruction’ and, even more importantly, ‘destruction at the source’. Most workplaces still have recycling and wastepaper bins at each employee’s workstation which encourages staff to dispose of information in these unsecured containers. Rather than leaving it up to individuals to make the decision over whether a piece of information is confidential or not, organisations should encourage their employees to dispose of all material in secured consoles that are then dealt with by professional document destruction service providers.
Shred-it has pulled together some practical tips on how you can begin to introduce a total security culture into your organisation:
- Firstly, you need to identify all the potential risks that could threaten the security of your organisation’s condiential information. That includes everything from financial records to customer and employee information
- Closely examine the workflow and lifecycle of documents within your organisation. Look at everything from how the data – both paper and electronic - is generated, stored, transferred and destroyed
- Create an appropriately comprehensive strategy in how to handle information security
- Once a strategy is in place, develop security policies that are compliant with national identity theft and privacy legislation. Is your organisation up to speed with the Data Protection Act?
- Figure out restrictions in who can access confidential data in both electronic and paper form, based on business needs
- Crucially, you need to train your staff in secure document management and destruction. We champion the use of a ‘shred-all’ policy and ‘destruction at the source’ values to ensure that paper documents are securely destroyed on a regular basis
Prioritising information security by implementing the tips outlined above are easy and effective ways to help towards building an organisation a culture of total information security.
Find out more about creating a total security culture in your workplace. Does your organisation have any other ways of keeping confidential information secure? Join the conversation on information security with Shred-it on Twitter @Shredit_UK.