Paper or Digital: How Format Affects Information Security
There’s been a lot of talk about going paperless and how it will change the workplace.
But the digital office isn’t here yet. And the one workplace policy it won’t change is information security.
"Your mission is to secure confidential information whether it’s paper or sitting in an electronic file,” Larry Ponemon, chairman of Ponemon Institute, told an audience of records management professionals at a conference a few years ago.
In fact, the average office worker still uses 10,000 sheets of copy paper every year – and there continues to be lots of security issues.
According to the 2014 Security of Paper Records & Document Shredding report by Ponemon, employees put documents at risk by leaving them around communal printers, in meeting rooms and at meetings held outside the office.
Paper documents end up in dumpsters too. In recent research, almost 2/3 of IT security practitioners say dumpster diving for confidential information is still very common – and successful.
At the same time, the 2015 Shred-it Security Tracker showed that while larger organizations are increasingly putting protocols in place for storing and disposing of confidential information, 37% of small business owners do not have any protocols.
Digitized information needs better protection too. Confidential information can be viewed on computer and mobile device screens. Document images on copying machines, printers and fax machines also increase the risk of a security breach.
The transmission of confidential information to unauthorized individuals is red-flagged in the 2013 white paper, Document Security and Compliance, by InfoTrends.
The fact that everyone wants to connect, and they want to do it anywhere and immediately is one of the biggest security issues in the workplace today, said Larry Ponemon in a Computer World UK story.
Employees download and send confidential documents using personal email, cloud services, USBs, and other mobile devices.
An earlier Ponemon study – Confidential Documents at Risk – showed that leaked or lost information is due to human error, hardware or software failure, and lost or stolen mobile devices.
Best practices include appointing someone to be in charge of data security and implementing a comprehensive document management policy.
According to our Developing a Document Management Policy, the essential components of a policy include effective indexing throughout a file’s lifecycle, secure storage (for example, in locked cabinets or locked rooms), processes and tools that limit access, and on-going training for employees.
Secure destruction of paper and digital documents is also important. Label all documents by how long they must be kept and when they should be destroyed in a retention schedule. To reduce risk, implement a Shred-all Policy so all documents are destroyed when no longer needed for compliance or other reasons.
To securely destroy paper documents, partner with a professional destruction service that has a secure chain of custody with supplied locked containers and secure removal of documents for secure shredding.
Rather than stockpile old computers, schedule secure destruction of hard drives and e-media with your information destruction partner as well. The company should issue a Certificate of Destruction for legal proof and protection after every shred.
How vulnerable is your workplace to information thieves? Track the lifecycle of a document to find out and learn how secure information destruction services can prevent your documents from falling into the wrong hands.