Spring has sprung – and it’s not just your home that could use a seasonal makeover: your business operations could also benefit from some serious decluttering.
Indeed, for businesses large and small, misplacing documents, files and electronic devices remains one of the key causes of security breaches. According to an information security breaches survey commissioned by the UK government, 90% of large organisations and 74% of SMEs reported a security breach, leading to an estimated total of £1.4bn in regulatory fines.
And in anticipation of the impending enforcement of the EU General Data Protection Regulation (GDPR) legislation in May 2018, it’s more important than ever for businesses to take stock of their information security processes. The GDPR will introduce penalties of up to €20m, or 4% of annual worldwide turnover, far exceeding the current maximum of £500,000. If data breaches remain at 2015 levels, this could see a near 90-fold increase in fines paid to regulators.
Disposing of old documents and electronic devices could save you and your organisation from falling victim to costly data breaches, fraud and reputational damage. Loose papers lingering around your desk and yellowing old documents stuffed into cabinet drawers could contain personal and confidential information which could put you at risk.
Businesses should securely dispose of old files, papers, and electronic devices to help protect such confidential information from insider fraud or security breaches caused by human error.
Here are Shred-it’s five top tips for a secure workplace spring clean:
- Declutter your work space – take the time to assess whether your business is getting the information security basics right. Although decluttering desk space may seem like an obvious solution, too many companies still fall short when it comes to getting the fundamentals in order. Ensure employees remove all papers and non-essential items from their desks that may contain confidential information. Implementing a Clean Desk Policy, which requires employees to clear their desks when they are away from them and at the end of each working day, eliminates the risk of documents, files and even sticky notes containing sensitive information going astray.
- Implement a comprehensive document storage system – given that many businesses are required by law to retain confidential employee and client information as well as company data for a stipulated period of time, it’s vital that businesses have a secure document-retention policy in place. Implement a company-wide policy that not only determines which documents need to be kept and for how long, but which also places a limit on the number and type of personnel that have access to storage facilities and files.
- Ensure confidential information is securely disposed of – take the time to review how securely your business disposes of confidential information. Disposing of material in open recycling or waste bins could pose a serious threat to the information of your company and clients. Instead, consider partnering with an information destruction services expert to professionally manage your whole document disposal and recycling process, including hard drive and electronic media destruction.
- Secure your data, both in and out of the office – carrying out a spring clean should by no means be restricted just to the office, or to physical documents or files. All electronic devices used in the office and by employees on the move should be encrypted and password-protected. Additionally, businesses should remind their employees to be fully aware of their surroundings when working from home or in a public setting, ensuring confidential information is not left lying around or visible to onlookers.
- Equip your workplace for the incoming GDPR – if you haven’t done so already, begin preparing for the forthcoming enforcement of the General Data Protection Regulation (GDPR), which comes into effect in May 2018. Businesses can get ahead of the curve by ensuring they adhere to the new standards, for example by appointing a designated data protection officer and adopting a tailored breach notification process in the event of a data breach.