November 26, 2014

Don’t Let Confidential Information Get Gobbled Up This Thanksgiving

Thanksgiving marks the start of the holiday season, and with it, lots of distractions for employees.

Of course, that’s not good news when it comes to information security.

The risk of a security breach incident increases when employees use company computers to plan their social activities and shop, for example, or when they get careless with company information outside of the office.

Rather than provide criminals such as identity thieves with an opportunity to feast on private information, here is a review of document management best practices with a spotlight on the importance of secure destruction.

• Put a comprehensive document management policy in place. Every document that contains confidential information should be tracked and secured. Limit access to employees who need the information to do their jobs.
• Train staff. According to a Trend Micro-sponsored Ponemon Institute study, employee negligence is the top data security risk in small businesses. Regular staff training about document management and destruction services is critical. It’s also important to designate someone to be responsible for information security and ensuring employees follow policies and procedures.
• Be compliant with all the privacy laws and legislation in your industry. For organizations in the healthcare field for example, the Health Insurance Portability and Accountability Act (HIPAA), requires that all patient information be properly destroyed when no longer needed. Partner with a document destruction company that understands privacy legislation.
• Include specific training for the mobile workforce. The Trend Micro research also showed that 56% of employees frequently store sensitive data on their laptops, smart phones, tablets and other mobile devices – which puts it at risk. To protect information on electronic devices, employees should be trained to remove only the information they need to do their job from the workplace, return all documents for safe and secure disposal, protect devices and information in public places, and use technology safeguards such as encryption software on storage devices.
• Always shred before recycling. Open recycling bins in the office can be a security risk. Unguarded paper in recycling containers can be misplaced or stolen, or it can fall out of the truck during transport.
• Partner with a document shredding company that has a secure chain of custody. Services should include providing locked containers for the workplace, secure shredding on or off site, and a certificate of destruction after every shred.
• Implement a shred-all policy. Many breaches are caused by employee negligence. Shredding all documents that are no longer needed helps avoid the risk of human error in determining what needs to be shredded.
• Hard drive and e-media destruction must be part of destruction services. Deleting or wiping sensitive data from computers does not guarantee its destruction. Research has shown sensitive information that had been deleted or erased on hard drives can be recovered. Crushing or shredding hard drives and e-media is the most secure way to permanently destroy the data.

The holiday season should be productive, fun and secure in the workplace. Keep lines of communication open, cut employees some slack, and be sure information security and destruction services are firmly in place.