Interviews

Paper security challenges

by Mark Rowe

Handling of paper documents is the single greatest threat to the protection of information. That is according to a recent study by storage and information management company Iron Mountain and the audit firm PwC, launched ahead of World Paper Free Day on November 6. Two thirds (66 per cent) of mid-sized companies in the UK regard the management of information on paper as a serious security risk, more than double the number that fear external threats to digital content such as hacking and malware.

The study suggests that many organisations are not coping effectively with paper. 39 per cent of those surveyed have monitored policies in place that guide employees in the storage and disposition of digital records, but just 31 per cent have the same for paper documents. Only 39 per cent have monitored access restrictions to areas where confidential information is stored. Over three quarters (85 per cent) of firms rely on one person or team to manage both paper and digital information risk – although the study found that top performers in risk management invariably have distinct groups looking after paper and digital information.

Most organisations think IT security managers should have a responsibility for information risk (73 per cent) with many (42 per cent) believing that IT security managers should be ultimately accountable. In the UK just 3 per cent believe that the records manager should hold some responsibility. The study suggests that the paper security challenges organisations face include the widespread existence of legacy archives, uncertainty about retention rules – with many companies retaining all records just in case – and an increased focus on digital transformation.

This complements the findings of another Iron Mountain study which found that two-thirds of firms in the UK (63 per cent) find it hard to integrate paper into automated customer management processes.

Sue Trombley, Managing Director of Professional Services at Iron Mountain said: “All information is vulnerable in some way, but paper and digital records carry different risks that firms need to understand and govern appropriately. In the absence of proper controls and policies, paper can be photocopied – not just once, but many times. It is easily shared and removed and can be left lying around, filed randomly or disposed of in any bin. Organisations need to introduce and monitor effective processes and responsibilities for keeping paper documents safe. While we may never be completely free of paper, we can significantly reduce its associated risk by raising awareness, providing practical processes, and monitoring compliance.”

Iron Mountain recommends that companies follow these three steps:

Make the most of widely available and affordable eLearning courses and tools to reach all employees in all locations with the same message – and expectations – for managing information.
If organisations haven’t already thought about imaging their paper records, it’s worth taking a look at document processes and seeing what might be right for scanning, such as documents required immediately or regularly. The original paper documents can then be destroyed or archived securely depending on relevant retention guidelines.
An annual clean-up day can go a long way toward putting the focus on the control of paper records and deciding how to get paper records out of the office environment. With proper guidance, employees can help determine whether to destroy records or send them to a secure off-site storage facility.

The full report Beyond Good Intentions: The need to move from intention to action to manage information risk, can be found at http://www.ironmountain.co.uk.

Related News

  • Interviews

    Pass the Hash

    by Mark Rowe

    Now please “Pass the Hash”, writes Calum MacLeod, VP of EMEA at Lieberman Software Corporation. There was a time many moons ago…

  • Interviews

    Data Protection Day

    by Mark Rowe

    Data protection day is on January 28. Vice-President Viviane Reding, the EU’s Justice Commissioner said ahead of the day: “Data protection in…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing