Recent headlines lead businesses and consumers to believe that the majority of data breaches occur online. According to "Security of Paper Documents in the Workplace," a new study from the Ponemon Institute, commissioned by the Alliance for Secure Business Information (ASBI), this isn't always the case. The recent study assesses the awareness, perceptions and behaviors surrounding the security of confidential information in the workplace. In fact, 49% of respondents whose companies have been affected by a data breach stated one or more of the breaches involved the loss or theft of paper documents, and the problem isn't going away, with 80% of respondents indicating their company had experienced one or more data breaches in the past 12 months alone.
Data breaches affect businesses of all sizes; 46% of respondents who represent larger companies estimate the annual financial impact of data breaches within their organization to be between $10 to $+0 million. Key findings from the study reveal companies need to take tighter controls on how they manage their paper trail through stronger enforcement of security policies. According to 56% of respondents, more than half of their organizations' sensitive or confidential information is contained within paper documents. However, 61% surveyed stated there are not enough resources and controls available to secure paper documents, and 57% of respondents reported that it is more difficult to control access to paper than electronic documents. So what is the solution to this growing security and financial problem?
In an effort to protect organizations from falling victim to a data breach, the ASBI recommends the following prevention tips to companies and employees:
- Shred all proprietary information with a cross-cut shredder. Deskside shredders are ideal for business professionals that handle sensitive information, including legal, accounting, human resource or finance departments. Commercial shredders are best for shared use spaces, including printing or copying areas where large volumes of sensitive information are created.
- Develop office guidelines for all employees that outline the procedures for protecting sensitive information.
- Keep all sensitive information and files locked away. Restrict access to those who need it, and closely watch your files.
- Don't use social security numbers on items such as employee identification badges, time cards or paychecks.
- Avoid leaving documents in communal copiers, shared printing spaces, conference rooms or other open areas for extended periods of time.
- At the end of each work day, all employees should log off their computers and lock their workstations or doors.
- When implementing an enterprise-wide discovery management process, consider a holistic approach, and create a solution fit for the organization. This requires following through to monitor its effectiveness and ensure there isn't a false sense of confidence in the system. Companies should identify a solution that will take into consideration the business culture, process and technology currently available to create a valuable program. Taking action far before litigation knocks will not only ease e-discovery woes but also strengthen and protect the organization's valuable information.
The Alliance for Secure Business Information (ASBI) [www.fellowes.com/asbi] was formed in 2008 to educate businesses and employees about the theft of confidential information in the workplace. The study is the first initiative from the ASBI.