Is document security part of your information security program?
Document security should be an integral part of your information security program.
Our economy increasingly depends on the availability of secure information. It would be safe to say that there isn’t a single aspect of our work lives that doesn’t rely on the creation, transfer, or protection of valuable data. And while much of that information is digital, not all of it is.
Paper is still part of the daily workflow.
If you think about the workflow of an average office employee, you’ll quickly realize that information regularly shows up in paper form throughout the day:
- review drafts of reports, presentations, and financials
- archival copies of contracts and agreements
- human resource applications, records, documentation, reviews
- training documents and manuals
- photocopies of important documentation
- meeting agendas and minutes
- bank statements and transaction records
- marketing strategies, plans, and resources
Even though most of these documents spend most of their lives as digital assets, at some point during their lifespan, they also exist on paper. It’s not uncommon to print a draft report for review or to photocopy a contract to keep on file. And as soon as they exist on paper, they become a significant risk to your organization’s information security. If confidential information can be seen, copied, or taken by someone with access to your office, you’re at increased risk of a breach.
And what makes matters potentially worse, by the end of the day, it’s estimated that at least 45% of these paper documents end up in the trash! If you’re not securely destroying confidential information when in paper form, even old drafts and working copies open your organization to risk.
The trash can and the recycling bin are not your friends.
We may think “out of sight is out of mind,” but that’s not really true when it comes to information security. Anything put into your trash can, can be taken out. Anything you rip up before dropping it into the recycling bin, can be reconstructed with a bit of time and patience. Only by having a robust document security program, to complement your information security, can you be certain all your information is truly secure.
Document security is more than paper shredding.
As soon as a paper document reaches the end of its usefulness, it needs to be securely destroyed; not put in the trash and not put in the recycling bin. But document security is more than paper shredding. It’s an end-to-end approach to document management, from creation to destruction.
Building a Document Security Program
Here’s what you need to do in order to build an effective document security program in your organization:
- Get an information security risk assessment – a great document security program starts with a comprehensive risk assessment. Conducted onsite by a trained document security consultant, this assessment identifies risk areas and provides recommendations to mitigate them.
- Provide awareness training – well-informed, trained employees can reduce your risk almost immediately. Create a culture of information security by teaching staff what to watch out for and what they can do to reduce your risk.
- Implement workplace privacy policies – policies and practices designed to protect paper documents specifically will help maintain your information security when confidential information is found in paper form. Implementing Document Management policies, Clean Desk policies, and Shred-it® All policies are good examples of effective workplace practices.
- Deploy secure, locked consoles throughout the workplace – When employees have to choose between what should be trashed, recycled, or shredded, they invariably make mistakes that could lead to an information breach. Make it easy on them by replacing trash cans and recycling bins with tamper-proof consoles and directing them to put ALL documents in one secure place.
- Destroy your documents on a regular schedule – those consoles will fill up fast. Make sure you engage with a reputable document destruction company who will collect and destroy your unused documents. Make sure they employ a secure chain of custody at every touch point and that they issue a Certificate of Destruction after every service to prove your compliance with required privacy legislation.
- Do periodic clear-outs – no matter how hard you try, paper will still pile up. Archival records in the storage room and filing cabinets are the two biggest culprits. But the document destruction company you hire for regular service will also come to your offices periodically to clear-out the overflow, decluttering the office and further reducing your risks.
Make it easy on yourself: hire a professional document security company.
If this looks like a lot of work, it is. But it’s also something you really can’t risk not doing, either. The good news is a reputable, industry-leading company can provide all these services for you, handling all the details and effectively reducing your organization’s risk of an information breach.