by By John Sileo — You’ve heard the stories and seen the headlines. Perhaps you’ve received one of those frightening letters warning that you may be a victim. Data theft continues to be a growing threat to businesses across the U.S., exposing companies to thousands, even millions of dollars in clean-up costs.
Already in 2010, nearly 3 million private documents have been exposed in the workplace—stemming from 182 data breaches in the government, health care, education, financial and food service industries.1 While many believe data breaches only occur online, few understand that unprotected paper documents are a major vulnerability in companies.
In fact, a recent study, commissioned by business security experts Fellowes and the Alliance for Secure Business Information (ASBI), found 49 percent of respondents whose companies have been affected by a data breach stated one or more of the crimes involved the loss or theft of paper documents.2
As a small business owner and victim of a workplace data breach, I know the impact this crime can have on you personally and professionally. Several years ago, a series of crimes were committed under my company’s good name, including US$300,000 in embezzlement by my own business partner. I spent a long time clearing my name and even lost my company due to this crime—a company that had been in my family for more than 40 years.
Prevention is key
Today, I travel the world educating professionals, including facility managers, about the dangers of data breach and identity fraud. My primary message: prevention is key. As a facility manager, you are the first line of defense against data theft and the decision to implement data protection prevention methods starts with you.
The aforementioned ASBI study also found that 61 percent of those surveyed stated there are not enough resources and controls available to secure paper documents. Fifty-six percent of respondents stated more than half of their organizations’ sensitive or confidential information is contained within paper documents. What’s more, nearly half (41 percent) of respondents are uncertain whether their organization has a strict policy in place for securing paper documents.
How can you be a leader in your workforce to ensure confidential documents do not fall into the wrong hands? By evaluating security weaknesses in your workplace, you can better protect your company’s confidential information and ensure the organization does not become a victim.
To get started, here are few key areas where your decisions can really make a large impact.
Evaluate off-site vs. on-site shredding
The single most effective way to prevent confidential documents from thieves is to ensure they are properly destroyed before disposal. While many facility managers look into an off-site shredding company for convenience and potential cost-savings, it’s also important to have shredders available in your office to guarantee that paper documents are destroyed in-house—before they leave your office.
Consider placing a shared-use paper shredder in office service rooms near printers and copiers. These high-capacity machines do the job rapidly and have innovative features which can eliminate frustrating paper jams. For those employees who manage large amounts of confidential information—such as human resource professionals, accountants, legal staff and others—look for individual desk-side shredders for convenience and the added peace of mind that documents don’t need to travel far to be destroyed. Professional and industrial shredders are built to last and can save your company money in the long run. Be sure to look for a shredder with cross-cut or micro-cut capabilities to ensure information can’t be pieced back together.
Install document protection procedures
What do you do when you need to store documents? There are procedures you can enlist in the workplace to ensure everyone is doing their part to protect company data. Here are some of the most effective methods.
- Help employees identify which documents could potentially lead to a breach and need to be properly protected. Most commonly, this includes:
- Employee records, such as salaries and employee benefits;
- Customer information;
- Management accounting reports and budgets;
- Marketing and sales reports; and
- Pre-released financial information and forecasts.
- Ensure paper documents are locked away in cabinets or behind office doors at the end of the day. One never knows if a colleague working late has an interest in getting his or her hands on confidential documents.
- Instruct employees to avoid leaving documents in communal copiers, shared printing spaces, conference rooms or other open areas for extended periods of time.
- Limit the use of social security numbers in the workplace, especially on items such as employee identification badges, time cards or paychecks.
Many data breaches originate from electronic sources as well, and it is smart to partner with your information technology team to ensure confidential data is protected online and over the company Intranet. Sit down with those colleagues to outline guidelines for protecting electronic information.
- Encourage employees to log off computers and lock workstations or office doors at the end of each work day.
- Instruct employees to choose
unique passwords and change them
often. Commit them to memory and avoid writing them down.
- Ensure all company computers have the most up-to-date anti-virus, anti-spyware and firewall software. Check to make sure wireless networks are protected with the proper security settings.
Data breaches are largely preventable. By learning more about data breaches and various prevention practices and precautionary steps you can take, you can help to ensure that you and your company or organization do not fall victim to this type of crime. FMJ
- 2010 ITRC Breach Report” Identity Theft Resource Center, March 2010
- “Security of Paper Documents in the Workplace Study” Alliance for Secure Business Information/Ponemon Institute, August 2008
About the author
John Sileo’s identity was stolen out of his business and was used to commit a series of crimes. While the thief operated behind the safety of Sileo’s identity, Sileo and his business were held legally and financially responsible for the felonies committed. Forced to defend his innocence, he spent two long years fighting to keep from going to jail.
During that time, Sileo became an expert in identity theft prevention and mitigation strategies. The mindsets of prevention he developed during this experience are the basis of his critically-acclaimed, award-winning book, Stolen Lives: Identity Theft Prevention Made Simple.
Sileo is the president of The Sileo Group, an idea-lab focused on guiding organizations to proactively protect their privacy. He is also a member of the Alliance for Secure Business Information.