June 30, 2016
The headline of a recent infosecurity-magazine.com post blamed human error for almost two-thirds of the data breaches in the UK so far this year. In the article, a security expert noted that one of the key information security challenges facing companies is the vast amount of data, including paperwork, being handled by everyone.
Document security in the workplace has never been more important – and it’s not just about cyber threats. The average office worker today still uses 10,000 sheets of paper annually – or up to 45 sheets of paper every day.
Organisations should plan for what happens to all that paper when it is no longer needed, as part of their information security policy. Some organisations think that DIY shredding – purchasing a shredding machine and assigning employees to ‘destroy’ documents in-house – is the way to go.
But it’s not.
There are many hidden costs (financial and other) of using an office shredder.
Human error: With in-house shredding, employees often determine confidentiality levels of information – and there can be mistakes and costly breaches. Solutions: Partner with an experienced document destruction company that provides locked consoles for the collection and storage of documents that are no longer needed. Security trained experts remove documents for secure on or off site shredding.
Inefficiencies: Office shredders are often strip shredders – and these are the least secure because the strips can be reassembled. DIY shredding is also labour intensive. Paper must be fed into the shredding machine by hand, and staples, etc. usually have to be removed first. Solutions: Companies in Ponemon’s 2014 Security of Paper Records & Document Shredding study said it’s more effective to use an outside shredding service. A professional document destruction partner utilises crosscut shredding technology that turns paper into confetti-sized pieces. It also offers specialised shred sizes to meet industry requirements.
Insider fraud: In-house shredding can increase the opportunity for insider fraud. The 2015 Insider Threat Report from Vormetrics showed that globally, 89% of companies believe they are vulnerable to insider attacks. Solutions: A third-party destruction partner provides a secure chain of custody and scheduled destruction services. Open recycling bins are replaced by locked consoles; documents cannot be retrieved once they are inside. Implementing a Shred-it all Policy will also help.
Non-compliance: Data protection laws require timely document disposal with hefty fines for non-compliance. Most companies with in-house shredding do not have a verification process. Solutions: A professional shredding partner provides a Certificate of Destruction after every shred. Almost half of respondents in Ponemon’s study outsourced shredding services because “it ensures compliance with privacy and data protection regulations”.
Data breaches: Not having a document security plan increases the risk of a costly data breach. The 2016 Cost of Data Breach study: United Kingdom showed the average total cost of a data breach increased 6.5% percent over the previous two years to £2.53 million. The cost of each lost or stolen confidential record is now £102. Solutions: An experienced document destruction company tailors a document security plan to an organisation’s needs. Also, it’s important to teach employees the document security process including proper handling and disposal procedures.
A Clean Desk Policy is another important aspect of a document security plan to protect confidential documents from getting into the wrong hands.