In today’s competitive environment, securing your data is critical, and not just your online data, which has been shown to be easily accessible by the right individuals. You also need to think about your documents – the pieces of paper that we still rely on.
I read an interesting article on Ars Technica the other day about AT&T being fined $25m for a data breach after employees at an outsourced call center stole and subsequently sold customer data. While outsourcing is popular, how do you know how your data is being handled? Is someone making note of the data? Are there any safeguards in place to monitor (abnormal) data usage/queries?
In recent years another trend has been BYOD, or Bring Your Own Device. While this may appear to cut costs for companies trying to eke out higher and higher returns and profits, BYOD brings with it many hurdles for IT departments. Just search Google for the risks and benefits of BYOD to read both sides of the discussion.
The fact is we still rely on paper. We print out documents simply to pass them around, and finally they end up in the garbage or recycle bin (hopefully in the recycle bin). But that paper could be gold in the right hands – paper creates risk.
According to statistics published by DataLossDB (DataLossDB – Open Security Foundation), incorrect document disposal accounted for 6% of data breaches, e-mail accounted for 3% and stolen computers or laptops accounted for 14%. So paper handling, while seemingly insignificant, accounted for 6% of data breaches.
Who was committing these breaches? Insiders – when looking at incidents by vector, accidental breaches by organization insiders accounted for 18% of the breaches. While the statistics do not point out what information is breached or how your people are part of the risk equation.
Overall the trend (according to DataLossDB) seems to be going down in terms of data breaches. From 2006, reported data breaches escalated from 643 to a high point of over 1,660 in 2012. In 2015 that number fell to 1,037 – so either we are getting better at protecting our data or fewer organizations are reporting their breaches, hopefully the former. Public companies may report on data breaches to protect their customers (such as Target, Adobe, Home Depot US) but smaller companies and private companies are probably not reporting these breaches.
Document security – not just digital security but paper – needs to be an important part of your overall risk strategy. Consider the type of documentation your business may be producing:
- Sales figures and presentations
- Employee information
- Business strategy
- Plans, designs and blueprints
- Proprietary procedures, processes and methodologies
- Legal documents
- Training documentation
At first glance these may not seem important, but they can be. Consider presentations that are given for internal use: information found in these might be valuable to competitors, or may provide insight into how the company is run and open the door for competition where there may be little to none currently.
Contracts are also critical, since they generally provide the key working information for all parties involved, including confidential items such as pricing or terms. Contracts may also include information about insurance and subcontracting, and may even list client information.
Securing and destroying paper is critical in any business, and paper, like every other asset, should be handled correctly.
Destroying paper securely should be an easy proposition, but consider what you are doing today:
- Is it being put into the general recycle box?
- Are you using secure recycling services?
- Do you use a commercial grade cross-cut shredder?
- Do you just throw it out?
The simplest and most cost-effective method is to use a shredder; for business use, a good-quality cross-cut shredder should not cost more than $1,000.00.
If you decide to use a recycling service, ensure that it is a secure service rather than putting paper into your local municipality's recycling program.
It is also a good idea to put in guidelines for what type of documentation should be printed, and how it should be handled – what may seem like common sense can sometimes be far from it.
You may want to consider putting your networked printers behind a password for the general office so that all requests to print can be monitored.
If you move to a paperless office, then ensure you have the right tools for your employees to make that leap. Online document storage and management allows you to track who is looking at documentation that may be critical to your business operations. Tools like PDF creators allow employees to convert their Office documents to more secure PDF formats that can contain encryption and a higher level of password protection.
Data security isn’t only protecting your online data – but also protecting the offline data, namely the paper that is being pushed.