October 08, 2019

Guest Blog: The Insider Threat to Paper Documents

The inability to secure confidential documents in the workplace from both inadvertent and malicious insiders is a threat to all organizations. To understand organizations’ strategies for the protection of documents, Shred-it sponsored research conducted by Ponemon Institute and surveyed 650 individuals who work in both IT security and non-IT positions in North American organizations. The research reveals organizations’ security gaps in their ability to prevent a data breach involving paper documents.  Based on these findings, we recommend taking the following steps.

Assign centralized responsibility for securing and granting access to confidential information. 

Currently, there is a security disconnect in the protection of confidential documents. The chief information security officer and chief security officer are most responsible for protecting confidential information. However, they rarely have responsibility for granting access to paper documents or electronic devices containing sensitive or confidential information. Having such centralized control will help increase visibility into the access employees have to confidential information.

Train employees about the secure disposal of confidential documents.

According to the research, only 45 percent of respondents say their organizations have a process for disposing of paper documents containing sensitive or confidential information after they are no longer needed. Less than half (46 percent of respondents) say their organizations are training employees about the steps they should be taking to ensure documents are appropriately disposed of. Furthermore, very few respondents say their organizations automate restrictions to print from specific devices and to print specific files, 29 percent and 27 percent, respectively.

Require employees and contractors to take basic precautions to prevent the loss or theft of confidetial documents.

Confidential documents are not secure because few organizations are requiring employees and contractors to lock their desks and file cabinets (38 percent of respondents). Only 33 percent of respondents say they prevent unauthorized access to document storage facilities and 31 percent of respondents say a clean desk policy is enforced.
Establish and enforce policies that ensure confidential documents are not left in plain sight. 

Sixty-five percent of respondents are concerned that employees or contractors have printed and left behind a document that could lead to a data breach. Even more respondents (71 percent) admit they have picked up or seen a paper document in a public space that contained sensitive or confidential information. This also includes shredding documents when there is no need to keep them.
Before you hit send, make sure you are emailing documents to the right person. 

According to the research, sensitive or confidential information is exposed because of sending and receiving emails not intended for the recipient. Seventy-seven percent of respondents admit to sending emails containing sensitive or confidential information to the wrong person. Eighty-eight percent of respondents say they have received such emails.
The key takeaway from this research is to not underestimate the risk created by papers and documents circulating throughout the workplace. The good news is that a data breach is not inevitable. As discussed above, there are specific steps that can be taken to significantly reduce the threat. To improve your security posture involving paper documents, we hope you will read the report, The Security of Confidential Documents in the Workplace. The link to download the report is here.