Document Security: Are You Forgetting About Paper?
It seems that all you hear about these days is the risk of cyber data breaches.
But the paperless office has yet to come, and there’s still a lot of sensitive information on paper in the workplace.
Improper document management is still a problem too.
Organizations that do not take precautions to securely dispose of their hard-copy or paper documents face the likelihood of a data breach, concluded the Security of Paper Records & Document Shredding report published last year by Ponemon Institute.
The 2015 Data Security Incident Response Report by law firm BakerHostetler is a good example. It showed that one in five breaches that the firm handled in 2014 involved paper records. A story posted at dataprivacymonitor.com explained that old-fashioned dumpster diving was to blame because companies had improperly disposed of hard-copy personal information.
Here are five ways workplaces may be increasing the risk of a data breach with paper documents.
- No Document Destruction Policy: Without a formal document security policy, employees lack direction, procedures and commitment for protecting confidential data. Almost three-quarters of participants in 2015 Visual Hacking Experimental study knew about sensitive paper documents being lost or misplaced.
Solution: Create formal information security policies with specific instructions on how to protect sensitive information on paper. Provide on-going training.
- In-House Shredding: With an in-house shredding machine and no one person in charge, document destruction is not reliable. Solution: Partner with a document destruction company that has a secure chain of custody and provides regularly scheduled on- or off-site shredding. In the Ponemon study, 73% of respondents preferred to outsource shredding services because it is more effective.
- Open Recycling and Waste Bins: Tossing confidential data into open bins increases the risk of theft by information thieves – in and outside of the workplace.
Solution: Locked consoles for holding documents should be placed throughout the workplace by your document destruction partner. Last year’s State of the Industry Report showed that eliminating waste and recycling bins is one of the easiest ways to reduce the risk of a security breach.
- Employees Sorting Documents: When employees are responsible for determining whether documents are ‘confidential’ or not, there is an increased risk of a data breach. Experian’s 2015 Data Breach Industry Forecast reported that employees and negligence are the leading cause of security incidents but remain the least reported issue.
Solution: Implement a Shred-All Policy, which requires that all documents are securely destroyed when they are no longer needed. It essentially removes decision-making from employees. The policy will also simplify the disposal process and embed secure document handling into the workplace.
- Third-Party Solutions: The risk of a data breach increases when contractors and third parties handle a company’s confidential information. In fact, the Security of Paper Records & Document Shredding report showed that the main security threat in the protection of paper documents is mostly the negligent employee – or third party.
Solution: Have an evaluation process to make sure contractors and third-party vendors are committed to information security. Tightly control access to your organization’s sensitive information.
Use our Document Management e-Book to find out best practices for document management.