May 24, 2016

Paperless Office: What You Need to Know About Security

The UK government recently announced plans to “bring the National Health Service (NHS) into the digital age” by converting to a paperless office.

Digitizing records and providing ways for patients and healthcare providers to connect online will be beneficial in so many ways, according to NHS officials in online articles. Patients will be able to book services and order prescriptions online, and they will be able to access apps and digital tools to help with medical issues and conditions.

Of course, security will have to be a huge part of the equation too.

While healthcare particularly is a target (last year, cyber criminals attacked the healthcare industry more than any other sector, according to the 2016 Cyber Security Intelligence Index), implementing security procedures and safeguards is important in any industry sector.

A paperless office is still an office that needs to prioritize information security. Global security experts say that in any workplace, it comes down to hard drive security, and managing all confidential information securely from creation to destruction.

Here’s what workplaces need to know.  

  • Optics: Out-of-sight (stored in a computer) is not out-of-mind for cyber criminals. Instead of breaking in and physically stealing boxes of paper documents, thieves hack into computer systems to steal information.
     
  • Document managementGoing paperless requires a standard process for documents as they are created, saved, organized, and stored – and document management software is designed to provide these solutions. Be sure retrieval is simple yet every document should also be protected with appropriate safeguards such as firewalls. Employees should be able to access only the documents that they need to do their jobs.  
     
  • Compliance: Different privacy laws govern safeguarding standards of confidential information. For example, some industries have federal guidelines for storing email communications. There should be a retention schedule and an archiving process so information is safe but can be readily searched and supplied.
     
  • Conversion:  Implement a plan to convert every document in the office to a digital file. Once the appropriate amount of time has passed, the paper document should be securely shredded by a document destruction partner. Ponemon research has shown that over half of a company’s sensitive information is still on paper.
     
  • Transmission: Equip all devices with up-to-date security for secure sharing. Provide employees with on-going safety awareness training. For example, always use secure networks for transmission of confidential information. Also, mobile devices should be regularly scanned for viruses and malware.
     
  • Hard drive shredding: Whether digital data is no longer needed or hard drives are obsolete or dated, it is important to be sure that confidential data is securely destroyed. Erasing hard drives does not guarantee the data is gone. Physical hard drive destruction is the only 100% secure way to destroy information on hard drives. Use a third-party provider that has a secure chain of custody and confirms destruction. Ensure that obsolete mobile devices are properly disposed of too.  

A paperless office does not solve the problem of internal fraud. Learn all the signs and signals – and then implement solutions including hard drive security to lower the risk.