Myths shredded

by Mark Rowe

October’s the time of year when businesses are looking at budgets, contracts and plans for 2017. This means handling a lot of confidential information. But if companies don’t know information security fact from fiction, their private data is at risk, warns a shredding contract company.

Understanding and prioritising information security is critical to business success, as data breaches significantly damage reputation and the bottom line. Why risk it? To help put information security at the forefront of 2017 planning, Shred-it is taking on five commonly held myths.

Myth one: Confidential information can be thrown into a wastepaper or recycling bin as long as it’s torn into little pieces

If you think tearing up confidential documents before disposing of them removes the risk of a security threat, then think again. The reality is that it is much easier to reconstruct torn-up documents than you may think – even documents that have been through a workplace strip-cut shredder. Anything confidential, from employee payslips to invoices, from emails to meeting agendas, is in danger of being targeted by fraudsters. Put a ‘Shred-it All’ Policy in place – a company-wide instruction that all paper documents should be securely cross-cut shredded when they are no longer needed. This policy reduces the likelihood of employees making a mistake, as any choice or uncertainty around what needs to be destroyed is removed. You can rest easy in the knowledge that any risk of ‘destroyed documents’ being craftily reassembled is gone!

Myth two: Keeping documents on my desk at work is safe.

We’ve all been guilty of allowing our desk or work area to become cluttered and chaotic. We get it – you’re super busy, sorting your way through countless documents on a daily basis. Workspaces are a hotbed for sensitive information, from weighty business documents to ‘harmless’ sticky notes containing names, phone numbers, or passwords (information that could easily go astray if left sitting on a desk). Adopting a Clean Desk Policy which requires staff to lock away all information (documents, letters, binders, books, etc.) when leaving their workstation is a must for any business (large and small) that wants to take data security seriously.

Myth three: My colleagues know what information is confidential and what isn’t.

If you’re not clued up on what exactly should be treated as ‘confidential’ then the chances are your colleagues won’t be either! Many businesses even believe that customary day-to-day documents such as email memos and sticky notes pose no threat to their organisation. This lack of awareness is putting your business at risk! In fact, 95 per cent of all security incidents involve human error[1] – showing how easy it is to make a mistake when you don’t know your facts.

The solution? Better training. Some 56 per cent of C-Suite executives say that their staff are trained only once a year or less, while 14 per cent say they train their staff only on an ad-hoc basis or not at all[2]. Businesses need to ensure that training programmes are carried out on a much more frequent basis (monthly rather than yearly). Firms also need to make sure that any training is truly tailored to what the business stands for and what their employees really need! Put simply, a generalised yearly training session just doesn’t cut it anymore!

Myth four: Using your own smart phone or another device at work is fine as long as it’s password protected.

Employees being allowed to use their own devices – known as BYOD (bring your own device) – can bring lots of advantages, allowing employees to work ‘anywhere at any time’ and often boosting productivity. But BYOD can greatly increase the risk of a data security breach as the security on personal devices is not always adequate. Even if they are password protected, all devices should be encrypted to protect the confidential information stored on them.

If you allow your employees to bring their own devices, then make sure that you have dedicated security programmes in place to protect the pathway from the personal device to your corporate systems. What about a ‘Choose Your Own Device’ strategy – purchasing devices for your employees, who can use them both on and off the job? This brings together the best of both worlds – the same flexible benefits for employees, while safeguarding a company’s data from external and internal threats.

Myth five: Erasing data from a hard drive completely removes the information.

Once data is erased from a hard drive, the information is gone for good, right? Unfortunately this is not the case. Deleted files and highly confidential data can almost always be recovered by a determined individual using the right technique and equipment. Simply deleting information therefore is not enough. To truly protect both employees and customers, professional destruction will ensure the equipment is beyond repair. In other words, while technology is dramatically increasing information security capabilities, a bit of old school hard drive data destruction is also strongly advised.

© 2024 Professional Security Magazine. All rights reserved.
