9 Ways to Improve Your Data Security

Posted  June 24, 2014  by  Shred-it

A recent story posted at Business News Daily discussed a comprehensive list of ways to improve IT security in 2014. While much of the article explains different IT-specific recommendations, the last two points address employees (“Your security plan should be confidential, but that doesn't mean you keep it a secret from your own staff.”) and corporate culture.

“Make it clear that security is everyone's job. You'd be surprised how seriously employees will take security when they find out it is part of their performance evaluation. Let them know the boss is watching, and that IT security also means job security.”

Actually, making data security a measured part of everyone’s job makes sense – and underlines the importance of bringing all employees on board. Whether employees are writing a report at their desktop, keeping in touch via mobile device, taking notes during a customer service call, or following a printed agenda in a meeting, it is critical that they are aware of the information they are handling and what risks – and damages to the business – could occur if it were lost. 

The average cost of a data breach to a company, according to the Ponemon Institute 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, was $3.5 million in U.S. dollars. This was a 15% increase compared to what it cost last year.

Here are 9 ways to improve data security in the workplace – and help reduce the risk of a data breach.

  1. Corporate Culture. Make information security a part of corporate culture. Appoint a CISO (Chief Information Security Officer) and data security committee to be responsible for managing data security procedures. 
  2. Employee Training. As outlined in the Breach Report 2013: Protected Health Information (PHI) by Redspin: “Engage employees in building a culture of security through a process of frequent and engaging security awareness training, internal training, daily reminders, and visual workplace cues.”
  3. IT. Equip all computers with the latest firewalls, antivirus programs, spam detection and filtering software. Use data encryption, password protection, and other IT tools.
  4. Protect Mobile Devices. Ensure laptops, tablets, smartphones and other BYOD (bring your own device) devices that connect to the corporate network receive the same security treatment given to the corporate devices.
  5. Risk Assessment. Conduct an information security risk assessment on a regular basis to identify potential sources of data loss.
  6. Information Management. Store sensitive information securely. Establish guidelines based on legal requirements in your industry so when documents need to be destroyed they are identified. In some cases, limit employee access to information.
  7. Document Destruction. When information is no longer needed, dispose of it securely. Paper documents should be shredded by a document shredding company that provides locked storage bins as well as secure shredding on or off site. A shred-all policy is recommended so all documents that are no longer needed are destroyed. While 86%of businesses say they have secure document destruction policies in place only 40% have a system that is followed by employees. Here’s more information on document management best practices.
  8. Safe Disposal of Hardware. Ensure that all obsolete technology that contains information (servers, computers, USBs, hard drives), is fully destroyed. Your document destruction company should provide hard drive and e-media destruction services too.
  9. Supply chain. Partner with companies that have implemented information security policies and procedures too. 

For more information about data security, read the State of the Information Security Industry.

Request a Quote

Fill out the form below and we’ll contact you with a free quote within the hour! (Between 8:00am and 5:00pm, Mon - Fri)

Select Service

Company info

Your info

Additional Info