March 29, 2016
Make No Mistake: Office Security Demands Critical Best Practices
Some experts have suggested that the amount of information everyone has to process doubles every year, of course, that’s just one of the office security challenges that organizations now face.
A growing mobile workforce has changed the workplace forever. Plus, there are different privacy laws that continue to evolve with fines and other damages if they’re not adhered to.
It’s no wonder that almost three-quarters of respondents in the Global Insights on Document Security 2014 report by Ponemon identified document security as a critical component of protecting the confidentiality, integrity, authenticity, access, and availability of information.
Here are some of the most important aspects of an office security plan.
Storage: Information in both digital and paper formats must be securely stored.
- Security technologies such as passwords and data encryption on all hard drives are key. A recent AIIM (Global Community of Information Professionals) study showed that while 64% of respondents encrypt all Personally Identifiable Information (PII), only 38% encrypt email addresses, and 25% of those storing credit card details do not encrypt them.
- Provide lockable storage for digital and paper documents.
- Only those employees that need certain information to do their job should have access to it.
- When working off-site, remove only what’s necessary, in terms of confidential information, to do the job.
- Have a sign-out system for USBs and other storage devices.
Sharing: Any type of sharing of information can increase the risk of a data breach.
- Develop a comprehensive BYOD Policy.
- Provide guidelines on the appropriate use of social networking sites (SNS). Criminals research these sites for personal information that can be used in phishing attacks.
- Never leave confidential information unattended at printers.
- At end of life, destroy all hard drives including those in copy machines. Wiping or erasing them is not a guarantee that information is destroyed. Partner with a professional shredding company that provides hard drive destruction.
- Vet security policies of all business partners and third-parties.
Handling: Many employees handle confidential information as part of their jobs.
- Implement a Clean Desk Policy so confidential information in the workplace is always protected.
- Address security in meeting rooms. For example, confidential information should never be left on whiteboards.
- Educate employees on how to protect information out of the office too.
Retention: Data retention laws vary and need to be monitored.
- Create retention schedules for all documents.
- Securely dispose of information at the end of its life. Partner with a shredding company that provides locked consoles for storing documents, on or off-site document destruction, and secure recycling.
- Implement a Shred-it-all Policy, which eliminates guesswork by employees about what is or isn’t confidential.
Training: Education should be at the heart of every information security program.
- Training must be on-going.
- Create a culture of security from the top down.
- Utilize people-centric strategies that emphasize individual accountability. The Global Insights paper reports this is a most effective safeguarding strategy.