Mark Harper discusses how the continual mainstream media focus on cyber attacks and digital data breaches means that organisations could be in danger of neglecting their physical information security, duly highlighting the potential risks to paper-based security and how to negate them.
In today’s data-driven environments, data compliance and security should be at the very heart of any business. With the European Union’s General Data Protection Regulation driving fundamental changes back in May last year, it seemed as though the emphasis focused on confidential data as a whole, no matter its source.
In the past 12 months, we’ve seen larger organisations (such as Google and Facebook) placed under the microscope with the threat of severe fines as a result of digital data misconduct. With this in mind, we’re now in danger of our focus slipping when it comes to paper documentation and its safe disposal. Has the pendulum swung too far?
This month alone has been riddled with media coverage showcasing digital data breaches as the Information Commissioner’s Office (ICO) threatens to fine top brands almost £300 million. As reported by Risk Xtra, British Airways is currently subject to the largest fine yet under the new rules.
In 2016, the ICO revealed that some 40% of data security incidents related to the loss or theft of paper documents, with this figure rising again the following year. It’s fair to say that media coverage does not reflect these figures. Yet UK businesses simply cannot afford to neglect paper-based documentation. Careful consideration of how and where physical documents are disposed of is essential, as there are a number of risks associated with their collection, transportation and destruction.
With this in mind, then, how can today’s businesses mitigate the threat posed by physical data breaches?
Protection at source
The Centre for the Protection of National Infrastructure highlights the potential threats to the physical data destruction process, including accidental loss, emergency abandonment, espionage, hijack or vehicle theft, insider attack and general theft. While these threats have the potential to manifest themselves at any point, there’s evidently less control when paper leaves a building.
There have been numerous incidents in which highly confidential documents have been left behind. This year in particular has seen some potentially serious blunders. In early July, top secret documents containing detailed security arrangements relating to the Porton Down military research facility were discovered in a London bin. Earlier this year, boxes of intimate patient records and financial data were found by the BBC in an abandoned nursing home. Negligence towards physical document destruction could cost UK businesses thousands, if not millions, of pounds.
Organisations are right to invest in encryption, anti-virus programmes and other security measures so that digital data remains as secure as possible, but this should not be done at the expense of implementing sensible and proportionate security measures for paper documentation.
External data destruction solutions
External data destruction solutions, such as off-site shredding, are often employed for convenience, but the true security of these services is rarely understood or investigated. Yet control is lost as soon as documents leave a building to be destroyed. Off-site shredding may seem convenient, but it exposes documents to greater risk as soon as they leave the premises, including the aforementioned theft, loss and espionage. These solutions are also typically more expensive over time.
Document security is best left in-house. When disposing of paper, best practice is to destroy documents at the source, rendering them secure at the time of shredding. It’s about maintaining control of what can be a sensitive process. Not only does in-house shredding neutralise the risks associated with off-site transportation, but there’s also more control to ensure that destruction is carried out to an appropriately secure size.
Yes, particle size is important: a P-1 high volume shredder (typically found in off-site shredding trucks) will produce strips at least ten times larger than a standard P-4 cross-cut office shredder, for example.
Why leave your paper document security to chance?
Mark Harper is Head of Sales at HSM