July 12, 2018
There’s been a lot of talk about going paperless and how it will change the workplace.
But the digital office isn’t here yet. And the one workplace policy it will not change is information security.
"Your mission is to secure confidential information whether it is paper or sitting in an electronic file,” Larry Ponemon, chairman of Ponemon Institute, told an audience of records management professionals.
In fact, the average office worker still uses 10,000 sheets of paper every year – and there continues to be a lot of file security issues.
According to the 2014 Security of Paper Records and Document Shredding Report by Ponemon, employees put documents at risk by leaving them around communal printers, in meeting rooms and at meetings held outside the office. Confidential documents can easily end up in unsecured waste paper bins too.
Digitised information needs better protection too. Confidential information can be viewed on computer and mobile device screens. Document images on photocopiers, printers and fax machine hard drives also increase the risk of a security breach.
The transmission of confidential information to unauthorised individuals is a growing problem. The fact that everyone wants to connect, and they want to do it anywhere and immediately is one of the biggest security issues in the workplace today, said Larry Ponemon in a Computer World UK article.
Employees download and send confidential documents using personal email, cloud services, USBs, and other mobile devices.
An earlier Ponemon study – Confidential Documents at Risk – showed that leaked or lost information is usually due to human error, hardware or software failure, and lost or stolen mobile devices.
Best practices include appointing someone to be in charge of data security and implementing a comprehensive document management policy.
According to our Developing a Document Management Policy Guide, the essential components of a policy include effective indexing throughout a file’s lifecycle, secure storage (for example, in locked cabinets or locked rooms), processes and tools that limit access, and ongoing training for employees.
Secure destruction of paper and digital documents is also important. Label all documents by how long they must be kept and when they should be destroyed in a retention schedule. To reduce risk, implement a Shred-it All Policy so all documents are destroyed when no longer needed for compliance or other reasons.
To securely shred paper documents, partner with a professional shredding service that has a secure chain of custody with locked storage containers and secure removal of documents for secure shredding.
Rather than stockpile old computers, schedule secure shredding of hard drives and e-media with your information shredding partner as well. The company should issue a Certificate of Shredding for auditable proof and protection after every shred.
How vulnerable is your workplace to information thieves? Track the lifecycle of a document to find out and learn how secure information destruction services can prevent your documents from falling into the wrong hands.