June 14, 2016

Document Security: Surprising Risks in a Document’s Lifecycle

There was a time when all documents in a workplace were thrown into the garbage can or recycling bin – and forgotten.

But not anymore.

This kind of process creates huge risks in document security.

Here are the key ‘touchpoints’ in the document lifecycle where confidential information can get into the wrong hands and how your workplace can eliminate these risks:

  • Handling. The risk of a data breach increases when confidential documents are left out in the open – on an employee’s desk or left behind in a meeting room or a photo copy machine. Solutions: Comprehensive document management protects information from creation to destruction. Implement a Clean Desk Policy too so that all confidential information is protected in and out of the workplace. Employee access should be based on job requirements. Label documents to be stored by what they contain and when they must be destroyed. Secure storage is key – lock information in a data room or file cabinet.
  • Recycling bins. When documents are put into open recycling bins, anyone can record or steal the confidential information. According to the 2015 Third Annual Data Breach Preparedness Study by Ponemon, 55% of organizations have reported a security incident or data breach due to a malicious or negligent employee. Solutions: Improve document security management by replacing open recycling bins with locked consoles for documents that are no longer needed. The consoles should have beveled slots so documents cannot be retrieved. Experts also recommend a Shred-it-all Policy so that all documents are sent for secure destruction – to simplify the process and to remove the risk of employee error.
  • Third-parties. There are potential risks associated with partners, vendors, and other third parties. Janitorial staff, for example, may transfer documents in recycling bins to larger bins – and this can expose confidential information. Furthermore, over the last several years, many large data breaches have been traced back to successful attacks on third-party service providers, partners, suppliers, and vendors. Solutions: Monitor third parties for their commitment to security and best practices. The 2015 Cost of Data Breach Study: Global Analysis showed that third party involvement increases the cost of a data breach by $16 from $154 to $170.
  • Outside recycling or garbage bins. Any confidential information in outdoor bins is of interest to dumpster divers. Dumpster diving is not illegal unless the dumpster or garbage bin is in an enclosed area or on private property. Solutions: Partner with a document destruction company that securely shreds all confidential information when it is no longer needed.   
  • Transport. When intact confidential information is trucked to a waste or sorting station, it can get into the wrong hands at any point along the way. Solutions: Partner with a reliable document destruction company that has a secure chain of custody including security trained personnel who remove contents from locked consoles on a regular basis. All Shred-it employees, for example, undergo training to achieve a Certified Information Security Professional designation.
  • Recycling process. Information is exposed repeatedly when sent to a recycling depot. Solutions: Partner with a company that recycles paper after shredding it. Customers should receive a Certificate of Destruction after every shred.  

Recycling bins aren’t the only risk for office fraud. Find out other areas where your workplace could be vulnerable.