Shred-it-all Policy: What’s Really At Stake Without One?
With first quarter results in, many organizations may be looking at their data security policy for ways to improve operational efficiencies.
One of the simplest ways is to implement a Shred-it-all Policy. This is a company-wide directive for secure shredding of all paper documents when they are no longer needed.
According to research by software developer Nitro, 61% of data breaches in companies of less than 500 employees involve paper records. At the same time, it’s estimated that employees handle about 10,000 sheets of paper documents a year.
What’s at stake without a Shred-it-all Policy?
Organizations handle a wide range of confidential information (from names and addresses to Social Security numbers and credit and debit card numbers), and information thieves use this data for identity theft and to steal money and other information. Almost half of organizations experienced at least one security incident in the last 12 months, according to Experian’s 2015 Second Annual Data Breach Industry Forecast.
The 2015 Cost of Data Breach Study: United States from Ponemon showed that data breaches cost an average of $217 per compromised record – $143 in indirect costs like churn of customers and $74 in costs to resolve the data breach.
Protecting confidential information is the law. There are penalties and fines for non-compliance of various privacy laws.
The 2015 Cost of Data Breach Study showed that negligent employees caused 19% of data breaches. A Shred-it-all Policy is one of the easiest ways to reduce employee error. The policy takes decisions out of employees’ hands as to whether or not documents contain confidential information. (Criminal insiders [employees, contractors or other third parties] and hackers are responsible for malicious attacks, which accounted for 49% of all data breaches in the study).
Sorting through files and documents is time-consuming. A GfK Roper survey in 2010 showed that employees lose about 38 working hours each year looking for misplaced items in the office. A Clean Desk Policy and a Shred-it-all Policy will help keep desks tidier - and information easier to find.
The best case scenario is to partner with a shredding service that recycles paper after it has been securely destroyed. Shred-it issues annual Environmental Certificates to customers that show how many trees were saved through recycling (one tree for every two document consoles full of paper).
A workplace that still has open recycling bins and trash cans is sending the wrong message about information security. As part of a comprehensive information security policy, bins should be replaced with locked consoles for paper documents that are no longer needed. Then, stored documents are regularly removed for secure on- or off-site shredding.
The goal of a document management program is to protect confidential information throughout its lifetime, from creation to destruction. Implementing a Shred-it-all Policy and in effect embedding secure document destruction into the workplace will make it a standard workplace process.
One of the most effective strategies organizations can use to protect confidential information is to focus on the fundamentals.