Data breaches can happen in every office, unknowingly. How is this possible? In Marc Emery’s article for Forbes Magazine, Paper Chase: The Huge Security Risks Now In Your File Room
, he says, “Paper is still a highly integrated part of day-to-day operations across almost every industry. Organizations that don’t take secure storage and destruction of critical documents seriously are simply tempting fate.”
But data breaches aren’t limited to paper, nor are they limited to your file room: they’re everywhere. From the pile of prospective candidate paperwork on HR’s desk to the stacks of old hard drives piled-up
in the server room, your data and confidential client information could be at risk.
Where should you look for the biggest data breach offenders around your office, and what can you do to stop them?
Are all of your accountant’s files password-protected or kept under lock and key? Files left on your accountant’s desk are not safe. If his/her desk is covered in invoices, bills, purchase orders, checks, and confidential client information, everyone in your office could be privy to it. Were this information to get into the wrong hand… it would not be pretty. Make sure that your accountant is storing files properly
and that none of your client information could get compromised.
What is the protocol for prospective employee interviews? Make sure that HR and all of your hiring managers do not have copies of your prospect’s resume sitting on their desk, out in the open. This is a breach of confidentiality, and your prospect or new employee could pursue litigation. As the Fast Company article, Arbitration Agreements, Audits, and Records Retention
pointed out, “…Employers must be careful not to disclose, negligently or intentionally, any information that could violate the law or subject the employer to a lawsuit for invasion of privacy and/or defamation.” By creating an HR policy for how documents are shared and stored, this limits your liability and protects your company.
Stop IT Leaks
Where does IT currently keep their old hard-drives? Is there a data protection
program in place? Check that your IT department is taking all of the necessary precautions to destroy old data. Whether its piles of old hard-drives in the server room, or a box of floppy disks and CDs underneath a desk, all of this information could be compromised, and your IT department needs to prevent any data breaches from taking place. It’s important to securely and safely destroy your media
and receive a Certificate of Destruction to prove that you are compliant.
Ditch The Shred Pile
What good is a shredder if piles of internal documents could be sitting next to it, or worse, in the recycling bin? A shred pile allows anyone in your office to come across confidential information. As Marc Emery writes, “Many paper documents are subject to strict regulations governing consumer privacy, so businesses can’t just throw them in the trash or in the recycle bin. The risks and fines related to mismanaging documents are surprisingly high.” It is important to understand the risks of personal shredders
and limit the happening of piles of paper around your office.
Accounting and HR departments, the shred pile, and the IT department are not where you would expect data breaches could occur. As an employer, you must take steps to protect client and employee confidentiality. Failure to do so can result in fines, litigation, or an audit; so make sure protect and manage your documents
. This way, you can prevent data breaches from occurring in the future and keep your company information safe and secure.