Physical Information Security: Neglect It At Your Peril

Mark Harper discusses how the continual mainstream media focus on cyber attacks and digital data breaches means that organisations could be in danger of neglecting their physical information security, duly highlighting the potential risks to paper-based security and how to negate them.

In today’s data-driven environments, data compliance and security should be at the very heart of any business. With the European Union’s General Data Protection Regulation driving fundamental changes back in May last year, it seemed as though the emphasis focused on confidential data as a whole, no matter its source.

In the past 12 months, we’ve seen larger organisations (such as Google and Facebook) placed under the microscope with the threat of severe fines as a result of digital data misconduct. With this in mind, we’re now in danger of our focus slipping when it comes to paper documentation and its safe disposal. Has the pendulum swung too far?

This month alone has been riddled with media coverage showcasing digital data breaches as the Information Commissioner’s Office (ICO) threatens to fine top brands almost £300 million. As reported by Risk Xtra, British Airways is currently subject to the largest fine yet under the new rules.

In 2016, the ICO revealed that some 40% of data security incidents related to the loss or theft of paper documents, with this figure rising again the following year. It’s fair to say that, in terms of media emphasis, these figures are not represented. Yet UK businesses simply cannot afford to neglect paper-based documentation. Stringent consideration into how and where physical documents are disposed of is essential as there are a number of risks associated with their collection, transportation and destruction.

With this in mind, then, how can today’s businesses mitigate the threat posed by physical data breaches?

Protection at source

The Centre for the Protection of National Infrastructure highlights the potential threats to the physical data destruction process, including accidental loss, emergency abandonment, espionage, hijack or vehicle theft, insider attack and general theft. While these threats have the potential to manifest themselves at any point, there’s evidently less control when paper leaves a building.

There have been numerous incidents when highly confidential documents have been left behind. This year in particular has been subject to some potentially serious blunders. In early July, top secret documents containing detailed security arrangements relating to the Porton Down military research facility were discovered in a London bin. Earlier this year, boxes of intimate patient records and financial data were found by the BBC in an abandoned nursing home. Negligence towards physical document destruction could cost UK businesses thousands, if not millions of pounds.

Organisations are right to invest in encryption, anti-virus programmes and other security measures so that digital data remains as secure as possible, but this should not be done at the expense of implementing sensible and proportionate security measures for paper documentation.

External data destruction solutions

Mark Harper

Mark Harper

External data destruction solutions, such as off-site shredding, are often employed for convenience, but rarely is the true security of these services understood or investigated. Yet control is lost as soon as documents leave a building to be destroyed. Off-site shredding may seem convenient, but it opens up a higher possibility of potential risks to documents as soon as they leave the premises, including the aforementioned theft, loss and espionage. Not to mention the fact that these solutions are typically more expensive over time.

Document security is best left in-house. When disposing of paper, Best Practice is to destroy documents at the source, rendering them secure at the time of shredding. It’s about maintaining control of what can be a sensitive process. Not only does in-house shredding neutralise the risks associated with off-site transportation, but there’s also more control to ensure that destruction is carried out to an appropriately secure size.

Yes, particle size is important: a P-1 high volume shredder (typically found in off-site shredding trucks) will produce strips at least ten times larger than a standard P-4 cross-cut office shredder, for example.

Why leave your paper document security to chance?

Mark Harper is Head of Sales at HSM

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts