The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
As the world leader in paper shredding, we ensure your documents are securely destroyed.
Hard drives could cost you millions in a data breach. Physically destroy your electronic data.
Stay ahead of legal or regulatory risks with our easy, online compliance training.
Get a Quote
Back To Information Security Resources
In this issue, we will discuss how implementing and enforcing document security protocols can help an organization maintain trust with both internal and external stakeholders
Reputation is an important asset - a powerful, yet intangible and fragile one that serves as a magnet, attracting attention and often new business. While most businesses work hard to build and maintain a positive reputation with stakeholders, many underestimate how severely a data breach could undermine these efforts, potentially causing the public to lose trust in the organization and long-term damage to the brand. With this in mind, the protection of business, employee and customer information should be of vital concern to all organizations.
Ayuda Medical Case Management case study
In January 2012, Texas’ Ayuda Medical Case Management had nearly 2,000 documents compromised when boxes containing the files were found in a local dumpster1. The files contained patient information, including medical conditions and treatments, names, addresses, phone numbers, and Social Security numbers.
Ayuda’s owner had stored these sensitive documents in a storage unit, but did not continue to make payments on the unit, bringing the unit to auction2. The storage company, in auctioning off the unit, was auctioning the personal data of Ayuda clients. Once purchased, the new owner likely disposed of the boxes to clear out the storage unit. Ayuda’s owner said that he was not aware that the unit had been auctioned off, despite knowing that he no longer was making payments. His lack of action to remove those documents, knowing that he was not paying to keep the storage unit, led to the data of thousands being exposed.
It may be shocking that in today’s privacy-conscious climate that documents are still being disposed of carelessly. This newsletter sheds light on the lack of understanding present among many employees around the importance of document destruction and the need to instill regulated practices to protect information security. According to the Ponemon Institute, 41 per cent of data breaches occur as a result of negligence, making it the leading cause3. The Ayuda Medical Case Management incident, like many others, brought negative attention and scrutiny to the offending organization, with police investigations and media coverage, all of which could have been prevented with greater employee awareness and/or increased regulation around information security.
Implementing proper document destruction protocols that are understood and adhered to by all employees is essential in protecting against identity theft and the reputational damage that can result from a security breach. Yet the results from the 2012 Shred-it Information Security Tracker show that regardless of size, organizations are not doing enough to make document security part of their business culture. In particular, only 50 per cent of small businesses have an employee responsible for managing data security issues and just 58 per cent have developed document security protocols4.
However, while large businesses are more likely to put document security procedures in place, they are not faring much better than smaller organizations when it comes to awareness of internal data security policies. While 95 percent of C-suite employees responded that they are at least somewhat aware of the legal requirements concerning confidential data and 96 percent have an employee directly responsible for managing data security, 54 percent reported that not all of their employees are aware of the existing protocols for storing and disposing confidential data. Similarly, 49 percent of small businesses reported that their employees are not aware of existing protocols and 8 percent were unsure of their employees’ level of knowledge.
Theft can occur when employees leave documents or electronic devices, like old computers or memory sticks, exposed or throw them in the recycling bin or garbage. Fraudsters have become increasingly determined and will retrieve confidential data through means such as dumpster diving or hacking wiped hard drives. This means that companies needs to make sure that not only are they safely storing data, but that they are educating their employees on how best to securely dispose of it as well.
With identity theft and security breaches making headlines regularly, consumers are keenly aware of how easily personal information can be compromised and have the expectation that the organizations entrusted with their information are taking proactive measures to protect their confidential data.
The bulk of data breaches, whether malicious or accidental, happen internally within an organization. As such, an information security policy is only as strong as the employees that adhere to it. As fraud and identity theft continue to be a reality in today’s business world, it is crucial for organizations to take proactive measures against these threats in order to maintain stakeholder trust.
When assessing whether it has effectively cultivated a culture of security within the organization, a business should ask itself the following questions:
If employees fail to understand the importance of following document security protocols, businesses are putting themselves and their customers at risk of identity theft. It is the responsibility of every organization, large and small, to take proactive steps to ensure that client and company information is adequately safeguarded. In doing so, a business protects not only its clients but also its reputation.
Shred-it has developed a survey to help businesses better understand security gaps. Conduct your own security self-assessment.
To learn more about Shred-it services or to book your FREE security assessment visit www.shredit.com.
You can also visit Shred-it on Facebook and LinkedIn or follow us on Twitter at @Shredit.
Stay informed with the latest in information security news and promotions.
Fill out the form or call 888.750.6450 to start protecting your business today!