It’s a fairly well known fact that the majority of large-scale data breaches in business are the result of cyber crime. Hackers are always coming up with new and inventive ways to get past our defences and access our data, with the recent attacks on Google and the NHS as proof of that. But what we often forget is that this type of crime doesn’t just happen online. Often data breaches can be traced in some way to paper records which have been reconstructed from strip-cut shredders, duplicated or physically stolen.
The Identity Theft Resource Centre’s 2016 report on data breach shows us that business has become the second most targeted category for criminal hacking activity, with 109,883 records having been unlawfully accessed or stolen in 2016 so far. The general business sector saw an increase of 187% in data breaches last year, with the loss of theft of paperwork being the most common single incident type throughout the year. Most of these reports resulted from lost paperwork, but just under a quarter were due to paperwork being stolen from employee vehicles or being left on public transport. A significant amount of breaches also occurred due to paperwork being posted or faxed to the incorrect recipients. When so much of the data breach landscape of the past year has already been carved out by paper, can you afford to not asses your security?
So How Do I Avoid Data Breaches?
When you are looking at how to shore up your defences against data breach and theft, we advise that you consider your physical security as well as your digital security. While you’re encrypting files or putting up extra firewalls, take the time to relocate your document storage to a more secure area, ideally behind a lockable door or two. You should also consider implementing proper handling and disposal policies and procedures for every document that passes through your business, regardless of the information it contains. New policies also require employee training to ensure everyone understands exactly what the new policies are, how they can follow them and why they are being implemented. Training your employees to shred documents or store them in a secure shredding unit for disposal, for example, is often a step that is overlooked in basic security training.
Remember Your Document Lifecycles
The lifecycle of a document covers every moment of its movement, from creation to destruction. For businesses, a lot of paperwork needs to be kept for 7 years in order to be compliant with HMRC audit rules. The problem is that 7 years is a long time, and documents often go forgotten after just 1. This means that many businesses have storage rooms full of files that could date back to the beginning of the business, and not just the mandatory 7-year mark. Every one of those documents that is over 7 years old is a security risk, and should be routinely destroyed to protect your business data. After all, just because the old chequebook is out date, it doesn’t mean that the bank details on it aren’t still valid. To truly protect your data, implement a document lifecycle management policy – with a cleanse cycle at least once a year to ensure no unnecessary paper documentation is being kept. This old paperwork should then be bagged up and shredded to stop it falling into the wrong hands.
The rise of cyber crime has opened a lot of businesses eyes to the risks of the online world, which has led to a new focus on digital security. But in amongst all of this digital focus, it’s often easy to forget that the documents physically sitting on our desks or in our storage rooms contain just as much confidential information; except there is no firewall protecting them. For more information or advice on protecting and destroying your paper records, get in touch for your free consultation.