January 02, 2015

Your Information Security Plan: How to Make 2015 a Banner Year

With almost half (43%) of organizations surveyed in a study by Ponemon having suffered at least one security incident this year, it’s a good time to assess and improve information security policies in the workplace.

Here are 12 best practices that target data security.  

  1. Put information security in the budget. Shred-it’s 2014 State of the Industry Report: Information Security showed that while legislation is being strengthened to protect consumers, business owners are deprioritizing information security.
  2. Do a security risk assessment to identify where your company may be at risk of becoming a victim of fraud or identity theft. Do this regularly.
  3. Appoint someone to be in charge of information security. As a blogger at securityintelligence.com points out, information security is not simply a technology problem. “The CISO must drive the information technology and security education of the workforce.”
  4. Adopt a culture of security that sets the tone from the top down that information security is a priority. Policies and procedures should include comprehensive compliance standards. All suppliers, including your shredding services partner, should have procedures in place that maintain information security too.
  5. Provide employees with ongoing information security training. According to 2013 Ponemon research, employees and negligence were responsible for 59% of security incidents. Training must target unsafe employee practices.
  6. Create best practices for your mobile workforce. Time and again security experts cite the importance of secure work habits of employees who work outside of the office.
  7. Monitor privacy legislation that affects your business, and work with third-party suppliers who do too.
  8. Invest in the most up-to-date IT system tools to detect and reduce the risk of security vulnerabilities. Cyber security needs change constantly. For example, a malware infection is being blamed for the recent Sony breach. Reports say this malware has not yet targeted businesses based in the U.S., although firms in the Middle East and Asia have experienced attacks.
  9. Make information security of both electronic information and paper documents a seamless part of the workplace. Create a document management process with clear retention and destruction procedures. Implement a Clean Desk Policy. Partner with a document shredding supplier that provides locked consoles for easy disposal of sensitive documents or electronic media.
  10. Introduce a shred-all policy so that all documents are securely destroyed when they are no longer needed – and employees don’t have to decide which documents contain confidential information.
  11. Don’t stockpile old electronic equipment. Research has shown the only way to guarantee destruction of information on data storage devices is to destroy them. Speak to your document destruction services provider about e-media and hard drive destruction.  
  12. Create an emergency response plan. Industry experts say it’s also important to practice putting the plan into action so that all employees know what to do in the event of a breach.

Find out the information security issues that are specific to small businesses by downloading The Small Business Guide to Document Security.