Data security is of utmost concern to all businesses and ensuring best practice amongst workers is key to maintaining confidentiality and preventing costly breaches and fraudulent activity. As we discussed in our previous article: Paperless Offices? We Still Prefer Working With Paper, our reliance on paper sees no signs of diminishing. It is estimated that the average office employee uses 10,000 sheets of copy paper every year. Leaked or lost information is most likely due to be as a result of human error or fraud, and so it is imperative that businesses and their staff adopt best practices in terms of disposing of confidential information.
The Ponemon Institute conducts independent research on privacy, data protection and information security polices in public and private sector businesses in the US. In a report they carried out in 2014, Security of Paper Records and Document Shredding, they found that employees were frequently leaving sensitive documents around communal printers, scanners and photocopiers. Workers admitted to disposing of confidential documents in general waste paper bins rather than confidential paper bins.
“Neglecting to secure your paper and digital records can compromise your organisation by putting valuable customer data and business intelligence at risk,” said Dr Larry Ponemon, the chairman and founder of the Ponemon Institute.
Fellowes, the office shredding equipment specialists have undertaken their own research and claim that senior management also fall foul of document security with 27% of employees having read copies of company plans and decisions left by managers on a photocopier or printer. Nearly a quarter of staff, 23% admitted to leaving papers on a public transport, 15% had left confidential material in a pub and a further 12% in a cafe or restaurant.
Fellowes’ Sales and Marketing Director Darryl Brunt states: “Whilst we understand the consequences of failing to increase security online with accounts, paper-based fraud seems to be a forgotten threat, especially within the workplace.“Employees are becoming far too complacent with the security of personal information. It is vitally important not to leave confidential files around the office”.
The security and destruction of digital information is a growing concern in its own right and the transfer of information via email, USB flash drives and cloud services to unauthorised individuals is one of the biggest threats to security in the workplace today. Individuals can print information they receive anywhere, from home printers, via mobile apps unless company procedures are managed effectively.
Best Practice Guidelines For Data Security
Shred-It, a company that specialises in document destruction for businesses state that whilst many large organisations have policies in place for storing and destroying confidential papers, over a quarter, 27% of SMEs do not have such procedures in place. They have produced a checklist for businesses that can assist them in compiling a data security strategy.
- Ensure employees receive regular training in data security including data protection laws.
- Make employees sign a confidentiality agreement and acknowledge they are aware of the business’s information security policy.
- Limit access to confidential information according to the employee’s role in the organisation.
- Use locked confidential paper waste bins and ensure they are placed in convenient places around the office to encourage use.
- Make sure mobile workers only take confidential information they need outside the office and that they return it for safe disposal.
- Change passwords regularly and protect monitors and mobile devices from prying eyes, (our previous article Fellowes Bring Privacy Solution to Shoulder Surfing also provides guidance on best practice for this growing problem).
- Implement Clean Desk Policy Never leave confidential and business sensitive documents on view outside office hours.
- Provide employees with a least one lockable drawer for them to keep confidential documents safe from prying eyes.
- Have a document shredding procedure or external shredding service in place. Fellowes state that 52% of UK employees are still failing to shred confidential or personal information before discarding.
- Promote a Shred All Policy. Shredding needs to be embedded within the company culture to ensure complacency does not lead to employees falling back into bad habits.
- Ensure that employees are trained to spot the signs of insider fraud and give them the confidence to report issues anonymously.
- Make adherence to the company information security policy part of the performance review process.
Does your business have an adequate data security policy in place? When did you last use the office shredder? Share your thoughts with us here on the Office Supplies Blog or on our twitter page using the hashtag #shredding.