Register
 (photo: )
19.07.2019, 13:47

Don't Forget Paper Documents

EMEA, Data Security
Mark Harper of HSM says media focus on cyber-attacks and digital data breaches is detracting from the need for organisations to enhance physical information security.

 

 

In today’s data-driven environments, data compliance and security should be at the heart of any business.

 

With the GDPR driving changes back in May 2018, it seemed as though emphasis rightly focused on confidential data as a whole, no matter its source. However, in the past 12 months we’ve seen larger organisations (such as Google and Facebook) placed under the microscope with the threat of large fines as a result of digital data misconduct. With this in mind, we’re now in danger of our focus slipping when it comes to paper documentation and its safe disposal. So, has the pendulum swung too far?

 

Neglect at your own risk

July has again been riddled with media coverage showcasing digital data breaches as the Information Commissioner’s Office (ICO) threatens to fine top brands almost £300 million. British Airways is subject to the largest yet under the new rules, after the ICO are set to fine £183 million after the personal data of 500,000 BA customers was stolen from their website and app.

 

In 2016, the ICO revealed that some 40 per cent of data security incidents related to loss or theft of paper– and this figure rose again the following year. It’s fair to say that, in terms of media emphasis, these figures unfortunately aren’t represented. Yet, UK businesses simply can’t afford to neglect paper-based documentation. Stringent consideration into how and where physical documents are disposed of is essential as there are a number of risks associated with their collection, transportation and destruction.

 

So, with this in mind, how can we mitigate physical data breaches?

 

Protection at the source

The Centre for the Protection of National Infrastructure (CPNI) highlights the potential threats to the physical data destruction process, including:

  • Accidental loss
  • Emergency abandonment
  • Espionage
  • Hijack or vehicle theft
  • Insider attack
  • Theft.

 

While these threats have the potential to occur at any point, there is evidently less control when paper leaves a building.

 

There have been numerous incidents when highly confidential documents have been left behind. This year in particular has been subject to some potentially serious blunders. In early July, top secret documents containing detailed security arrangements relating to the Porton Down military research facility were discovered in a London bin. Earlier this year, boxes of intimate patient records and financial data were discovered by the BBC in an abandoned nursing home. Negligence towards physical document destruction could cost UK businesses thousands, if not millions.

 

Organisations are right to invest in encryption, antivirus programmes and other security measures so that digital data remains as secure as possible, but it should not be done at the expense of implementing sensible and proportionate security measures for paper documentation.

 

External data destruction solutions, such as off-site shredding, are often employed for convenience, but rarely is the true security of these services understood or investigated. Yet, control is lost as soon as documents leave a building to be destroyed. Off-site shredding may seem convenient, but it opens up a higher possibility of potential risks to documents as soon as they leave the premises, including theft, loss and espionage. Not to mention that these solutions are typically more expensive over time.

 

Document security is best left in-house. Best practice, when disposing of paper, is to destroy documents at the source, rendering them secure at the time of shredding. It’s about maintaining control of what can be a sensitive process. Not only does in-house shredding neutralise the risks associated with off-site transportation, there is also more control to ensure that destruction is carried out to an appropriately secure size. And, yes, particle size is important: a P-1 high volume shredder (typically found in off-site shredding trucks) will produce strips at least 10 times larger than a standard P-4 cross-cut office shredder for example. So, why leave paper document security to chance? 

 

­­

 

Sources

www.theguardian.com/business/2019/jul/08/ba-fine-customer-data-breach-british-airways

https://officeteam.co.uk/blog/paper-shredding-vital-gdpr-compliance/

www.dailymail.co.uk/news/article-7215295/

www.bbc.co.uk/news/av/uk-england-hampshire-47860424/

www.mirror.co.uk/news/politics/key-brexit-documents-left-eurostar-12829601

www.theguardian.com/media/2001/sep/07/marketingandpr

 

   

 

Article rating:

vote data

Leave a reply

Rushmore Primary School. (photo: )
Delta Security  - 12.02.2019, 08:07

Delta Secures a Local Primary School

UK high-security specialist Delta Security has installed a sophisticated 1080p HD CCTV system at the Rushmore Primary School in Hackney.

The Bridges Shopping Centre in Sunderland. (photo: Bowman Riley Architects)
FM Editor  - 15.04.2019, 10:47

OCS Achieves Success at Revo ACE Awards

OCS UK has been named "Top Scoring Service Supplier 2019" at this year's Revo ACE Awards which celebrate retail destinations and people that deliver a consistently positive experience for customers.

 (photo: )
FM Editor  - 01.05.2019, 09:05

Future-Orienting Building Systems

A new BACnet/IP automation station from Sauter interfaces with common field bus protocols, the IoT and Cloud storage solutions to facilitate the control of critical building systems.

 (photo: )
FM Editor  - 22.08.2019, 12:27

St George's University Hospitals Contract

Interserve Group has been selected to deliver major multiple projects as part of the estates infrastructure improvement programme for St George's University Hospitals NHS Foundation Trust in South...

Hebe Richardson. (photo: )
FM Editor  - 21.08.2019, 12:25

UK Caterer Appoints Wellness Manager

Independent caterer Bartlett Mitchell (BM) has appointed Hebe Richardson to the newly created position of ‘Wellness Manager’.