In today's data-driven environments, data compliance and security should be at the heart of any business. Mark Harper of HSM discusses how the media focus on cyber-attacks and digital data breaches means we are in danger of neglecting our physical information security. He highlights the potential risks to paper-based security and how to negate them.
In the past 12 months, we've seen larger organisations (such as Google and Facebook) placed under the microscope with the threat of large fines as a result of digital data misconduct. With this in mind, we're now in danger of our focus slipping when it comes to paper documentation and its safe disposal.
July has again been riddled with media coverage showcasing digital data breaches as the Information Commissioner's Office (ICO) threatens to fine top brands almost £300m. British Airways is subject to the largest fine yet under the new rules: the ICO is set to fine it £183m after the personal data of 500,000 BA customers was stolen from its website and app.
UK businesses simply can't afford to neglect paper-based documentation. Careful consideration of how and where physical documents are disposed of is essential, as there are a number of risks associated with their collection, transportation, and destruction.
So, with this in mind, how can we mitigate physical data breaches?
The Centre for the Protection of National Infrastructure (CPNI) highlights the potential threats to the physical data destruction process, including:
· Accidental loss
· Emergency abandonment
· Espionage
· Hijack or vehicle theft
· Insider attack
· Theft
While these threats have the potential to occur at any point, there is evidently less control when paper leaves a building.
There have been numerous incidents in which highly confidential documents have been left behind. This year, in particular, has seen some potentially serious blunders. In early July, top-secret documents containing detailed security arrangements relating to the Porton Down military research facility were discovered in a London bin. Earlier this year, boxes of intimate patient records and financial data were discovered by the BBC in an abandoned nursing home. Negligence towards physical document destruction could cost UK businesses thousands, if not millions.
Organisations are right to invest in encryption, antivirus programmes, and other security measures so that digital data remains as secure as possible, but it should not be done at the expense of implementing sensible and proportionate security measures for paper documentation.
External data destruction solutions, such as off-site shredding, are often employed for convenience, but the true security of these services is rarely understood or investigated. Yet control is lost as soon as documents leave a building to be destroyed. Off-site shredding may seem convenient, but it exposes documents to greater risk as soon as they leave the premises, including theft, loss, and espionage. Not to mention that these solutions are typically more expensive over time.
Document security is best left in-house. Best practice, when disposing of paper, is to destroy documents at the source, rendering them secure at the time of shredding. It's about maintaining control of what can be a sensitive process. Not only does in-house shredding neutralise the risks associated with off-site transportation, but there is also more control to ensure that destruction is carried out to an appropriately secure size.