January 19, 2016
When it comes to confidential data, the focus today is on safeguarding against cyber data breaches. But information security is not just a high-tech problem.
In fact, a recent cyber assessment by the Office of Management and Budget showed that one of the biggest information security risks for federal agencies is paper. One quarter of reported incidents in 2014 involved the possible mishandling of hard copies or printed materials.
A data breach, including those caused by lost, stolen and misdirected paper documents, has financial, reputational, and legal repercussions.
There's still lots of paper
Despite paperless office forecasts, Ponemon research showed that over half of a company’s sensitive information is on paper.
The average office worker uses 10,000 sheets of copy paper every year, according to the 2015 State of the Industry Information Security report by Shred-it.
Consider that “only our most sacred and personal documents ever make it off the screen and onto paper,” stated a record.net article. And, even as employers switch to digital, many just double up, keeping paper backups as well, according to a reader comment at hrdailyadvisor.com.
All physical records containing private information should be locked in a secure location; backups should be encrypted and off-site.
The new dumpster divers
A new environmentally-conscious dumpster diver is drawing attention to everything found in dumpsters. These people are garbage picking for resalable equipment and food. But you can bet they find confidential information too.
Intact documents should never be put into the garbage. Replace garbage bins with special locked security consoles for disposing of confidential documents.
Other office equipment
According to the State of the Industry report, paper remains a core component of office life, and there are still printers, fax machines, photocopiers and other devices in offices that increase breach risk.
Employees still toss confidential information into garbage or open recycling bins. Also, the Ponemon research showed that careless employees leave documents at communal printers and elsewhere.
Establish a written policy about data security, and communicate it to all employees. Implement a Shred-it all policy so that all documents must be securely destroyed when they are no longer needed.
Visual hacking has been attracting attention. This is when seemingly legitimate visitors wander around an office taking pictures of sensitive information or stealing data right off someone’s desk.
Authorize and escort all visitors whether they are service personnel, maintenance workers, or delivery people. A Clean Desk Policy is recommended too.
Professional shredding is a game changer
In earlier Ponemon research, almost one-third of respondents said that paper documents were most at risk for information breach while awaiting disposal or shredding.
Outsource document destruction, partnering with a reliable shredding company that has a secure chain of custody and secure on-site or off-site shredding.
It’s important to identify where data breaches may occur in the workplace – and to take necessary steps to safeguard confidential information.