How 'Spring Cleaning' Your Document Destruction Policy Can Help Safeguard Confidential Data
In this issue we will examine the realities of document security within businesses and how "spring cleaning" your document destruction policy can help keep your company on track with its sensitive information disposal processes.
According to Ponemon Institute LLC, approximately 85 percent of all U.S. companies have experienced one or more data breaches, and the figure may be larger because many don't have the ability to detect when information has been exposed. The potential expense of losing customers to a security breach is prompting U.S. companies to spend more on bolstering their systems 1.
For many businesses, setting a schedule for clearing out old files can help get rid of outdated or unnecessary documents and clear up space around the office. However, this practice can also help any business, large or small, reduce their risk of exposing confidential data. Businesses should apply a "spring cleaning" policy to their own business practice to ensure that old, outdated and unwanted files and or papers are securely destroyed. Doing so will help organizations avoid exposing confidential information that can increase the risk of fraud, data breaches or identity theft that could result for their company, their customers or even their own employees.
Many businesses are required by law to keep confidential client information, as well as employee or company data for a minimum amount of time. There are numerous business records that should be held on to for a minimum of seven years, which can include employee agreements, business loan documentation, litigation records, as well as general expense reports and records including overhead expenses and professional consultation fees 2.
Other documents may be kept for shorter, longer or an indefinite period of time and it's important to know what legal requirements are enforced for your industry to not only stay compliant, but to also dispose of documents you may no longer need. Regularly maintaining filing cabinets and securely disposing of old documents can help minimize risk of sensitive information falling into the wrong hands. The risks of keeping old documents containing sensitive data can be high – resulting in identity theft, fraud and potential financial loss or reputational damage.
Here are some tips for how your company can implement organizational information security policies for employees:
- Create a retention policy: Determine which documents need to be kept and for how long. Limit the number of personnel who have access to files and storage closets and practice a company-wide commitment to this practice.
- Clearly mark a destruction date: The destruction date should be clearly marked on all records that are in storage. All file boxes should contain complete lists of their contents in a visible spot on the outside of the box so it is easily identifiable.
- Hire a reliable third-party vendor for your document destruction needs that will provide you with a certificate of destruction upon completion and also provide an opportunity for this material to be recycled once destroyed
- Out with the old, in with the new. Implement document destruction processes on a regular basis. Overhauling your current disposal process with a commitment to continuously destroying confidential data in a secure manner is one of the ways to mitigate the risks associated with data breaches.
Paper: Don't throw old papers or files into the recycling bin. Loose paper is often unattended before it has been recycled and can leave your organization vulnerable to potential security breaches. Papers in recycling bins can be misplaced or stolen. Instead, ensure you dispose of loose paper in a secure, locked console that cannot be accessed until it is ready to be shredded by a reliable professional.
Electronic sources: Erasing disks and drives is no guarantee that the data will be wholly eliminated. Physical destruction, rendering the object unreadable by any machine is the safest option.
Shred-all: Implementing a "shred-all" policy for the disposal process when all unneeded documents are fully destroyed on a regular basis. This dramatically minimizes any potential risk or exposure.
Developing a clear set of guidelines and aligning the disposal policies throughout the business will ensure that the decision to destroy is taken out of the hands of individual employees and will minimize the risk of a data breach for the organization. Whether intentional or unintentional, leaked information can be preyed upon by criminal groups in order to commit fraud and identity theft crimes. It is important to maintain regular secure disposal of paper waste, proper organization and maintenance of stored records as well as an efficient and sound process for destroying outdated records that are no longer needed.
With the Spring season now officially underway, it's a good time to apply the concept of "spring cleaning" to business polices to ensure outdated or unwanted documents are securely disposed of and to help stay on track with sensitive information policies.
To learn more about Shred-it services or to book your FREE security assessment, visit www.shredit.com.