Document Security: Surprising Risks in a Document’s Lifecycle

Posted October 07, 2016 by Jenny Green

There was a time when all documents in a workplace were thrown into the rubbish or recycling bin 
and forgotten.

But not anymore!

This kind of process threatens office information security and creates huge risks in the office document security process.

Where is confidential information at risk 

Here are touchpoints in the document lifecycle where confidential information can get into the wrong hands, along with solutions to lower the risks:

  • Handling (left out in the open)

The risk of a data breach increases when confidential documents are left out in the open on an employees desk or left behind in a meeting room or on a photocopier.

Solutions: Comprehensive document management protects information from creation to destruction. Implement a Clean Desk Policy too so that all confidential information is protected in and out of the workplace. Employee access should be based on job requirements. Label documents to be stored by what they contain and when they must be destroyed. Secure storage is key – lock information in a dedicated data room or filing cabinet.

  • Recycling bins

When documents are put into open recycling bins, anyone can record or steal the confidential information. According to the 2015 Third Annual Data Breach Preparedness Study by Ponemon, 55% of organisations have reported a security incident or data breach due to a malicious or negligent employee. 

Solutions: Improve document security management by replacing open recycling bins with locked containers for documents that are no longer needed. The containers should have tamper-proof slots so documents cannot be retrieved. Experts also recommend a Shred-it-all Policy so that all documents are sent for secure destruction – to simplify the process and to remove the risk of employee error.

  • Third-parties

There are potential risks associated with partners, contractors, and other third parties. Cleaning staff, for example, may transfer documents in recycling bins to larger bins  and this can expose confidential information. Furthermore, over the past few years, many large data breaches have been traced back to successful attacks on third-party service providers, partners, suppliers, and contractors. 

Solutions: Monitor third parties for their commitment to security and best practices. The 2015 Cost of Data Breach Study: Global Analysis showed that third party involvement significantly increases the cost of a data breach.

  • Recycling or waste bins outdoors

Any confidential information in outdoor bins is of interest to data thieves. Bin raiding is not illegal unless the skip or bin is in an enclosed area or on private property. 

Solutions: Partner with a document destruction company that securely shreds all confidential information when it is no longer needed.   

  • Transport confidential information

When intact confidential information is transported to a waste or recycling centre, it can get into the wrong hands at any point along the way. 

Solutions: Partner with a reliable document destruction company that has a secure chain of custody including security trained personnel to collect the contents from locked containers on a regular basis. All Shred-it employees, for example, undergo training to achieve a Certified Information Security Professional designation.

  • Recycling paper process

Information is exposed repeatedly when sent to a recycling depot. 

Solutions: Partner with a company that recycles paper after shredding it. Customers should receive a Certificate of Destruction after every shred.  

Be aware about document security

Recycling bins arent the only risk when it comes to office fraud. Find out other areas where your workplace could be vulnerable.

Request a Quote

Fill out the form or call 0800 0114 to start protecting your business today!