As the home base of your business you would expect your office to be secure. However in this day and age the number of potential risks for security breaches is higher than it’s ever been. The following are just some of the potential risks to your business as well as some of the potential solutions.
1. Recycling bins
Sometimes important documents fall into recycling bins rather that the pile for confidential destruction. This could be because your employee wasn’t aware of its significance, doesn’t have a destruction pile or it could even have been in the wrong pile to begin with. No matter the reason, having potentially damaging documents in an open and unsecure recycling bin remains a data protection risk. You also cannot guarantee that the document is destroyed at any point. To prevent this kind of mistake it could be worth including a destruction clause into your data protection policy that involves all office paper waste be shredded. At the very least it would be worth ensuring there is a secure destruction console within the office, if not one for every desk, to make sure that all personnel have access to the facilities when they need them. Most document destruction companies will recycle the shredded paper, so it is still good for the environment. Having a lockable destruction console within the office will mean that all paperwork is destroyed whilst also being safe from prying eyes until it is.
2. Untidy desks
If you have an untidy desk, are you likely to notice if one document goes missing? Can you control who has access to your desk and the documents on it? Can you guarantee that any of the papers on your desk aren’t confidential and private and will not fall into the wrong hands? If the answer to any of these questions is no then it is time for action. Documents should be filed away unless they’re being consulted, preferably in a lockable drawer or cabinet. Of course in an ideal world the office would be paperless, as this is better for the environment and more secure however this is not always possible. In the cases where it is possible the best way forward would be to use an Electronic Management System combined with an on going scanning practice which would allow you to constantly update your systems as well as keep control of who has access to which document.
3. Out of date retention policies and lack of data protection understanding
One of the biggest potential security breaches comes from not maintaining the business data protection and retention policies. Not only do they need to be regularly updated and pruned to coincide with current legislation, they also need to be kept in the forefront of your employees minds through maintained training and understanding. Without this it can be very easy to fall into the same routine and 6 months down the line find out the legislation you’ve been working to has become obsolete. At PaperMountains we have a team who are able to advise you on these matters, as well as aid in the implementation of these policies. We also have our own Free Document Retention Guide so you can be better aware of how long documents should be kept before being destroyed.
4. Working from home
Although this risk isn’t within the office, it can still have consequences for your business. If your employees work from home, how many documents are they likely to leave there? If the document is no longer needed what do they do with it? They may know it needs to be destroyed securely but would this translate to documents at home? Or would they simply put them in the recycling. The same issues that apply to mobile devices can also apply to home computers. Can you be sure it is protected against malware and viruses? Is it secure and encrypted? To prevent breaches you should make sure all employees know the policies, even have a copy of them at home. It might also be worth the employee having a console for destruction at home, depending on how often they are there and what kind of documents they work with. Organising a regular “bring your device to work” day may also help prevent breaches through viruses and malware.
If your office has one or more shared printers that don’t require authentication before printing the documents, you may be at risk of a security breach. How often have you printed something and then become side-tracked on your way to the printer? Or had to take a call and forgotten your papers were there? These scenarios mean leaving documents that could be confidential, unsecured and unattended. By having individual printers or pin-protected printing, you eliminate this risk. In an ideal world of course the best option would be to forgo printing the documents at all however this is sometimes unavoidable.
6. Mobile devices and portable drives
This all comes down to how secure the device is. If, for example, a member of staff puts certain documents on to a USB drive to work from home with, can it be absolutely guaranteed that this drive won’t be lost or stolen? If it is, will others be able to gain access to the files? Is it password protected and encrypted? The same can be said for mobile devices used to access online work systems. Are they protected against malware, viruses and other malicious content? Does the device remember passwords for instant access? These are the kind of things you may need to take into account when formulating data protection policies within your business because it only takes one mistake for a business to crumble.
7. Old office equipment
You may not think of old office equipment and technology as a data risk, especially if the reason for the replacement is because of a fault, however if the equipment is not properly wiped and disposed of the information it holds could be recovered and this the cause of a data leak. To prevent this, rather than simply deleting files and emptying the recycling bin, always make sure to wipe the drives either using a degausser or through software that completely overwrites everything. The most secure of these methods is to use a degausser, as even the software has a slight chance of being recovered by a determined, experienced hacker. Physically destroying the drives is also a safe way of disposal, as long as it is done to the correct standards.