Document Security

 In Blog Postings, Education, Healthcare Security, Hospitality, Places of Worship, Retail Security-Loss Prevention, Transportation, Uncategorized

So when was the last time your organization conducted a document security risk assessment?  If you are like the average company you may have never conducted one or a security audit, and if that is the case the potential risks for your organizations confidential or proprietary information or maybe even trade secrets may be at high risk.

Security Risk Management for Confidential Information

In some industries document management is a high priority, such as healthcare.  The Health Insurance Portability and Accountability Act (HIPAA) which protects the privacy of individually identifiable health information has been law since 1996 and yet to this day there are breaches of this act almost on a daily basis.

How many times have we read in the news about health information being compromised or lost?  In some cases when it happens the breach can affect thousands of unsuspecting people, and in other incidents it may only affect a few people at a time.

With healthcare organizations working diligently to enforce this law how does this problem keep occurring?  Simply put, because there are so many different people coming into contact with the information that mistakes can and do happen.

Corporate Document Security

Each business type has some form of document security protection in place, whether it is for financial records, client/customer lists, research and development (R&D), trade secrets, payroll, or human resource files.  With most of that information being stored online there is a risk that if it is not properly protected it can be copied.

The most widely discussed example of this is the case where a government contractor copied thousands of government files and shared them with a “journalist” that is known for publishing government secrets.  Even though the files were the property of the United States government, and they go to great lengths to ensure document security, the information still found its way to the media and foreign governments.

In many cases documents such as the above, and private corporation trade secrets, are encrypted and maintained in high security networks and those personnel with access rights have been thoroughly vetted by management.  However, the information still makes it way outside the facility either intentionally or by accident.  The fact is that unless your organization has numerous layers of security that cannot be compromised, this information may not be as secure as you think.

Root Cause Analysis

After a serious breach of confidential information there is often a process to identify the root cause of that breach and determine mitigation factors so that it does not happen again in the future.  However, many times an organization may not even know that their document security has been compromised.

Case in point, there are many times when employees will intentionally or unintentionally discard sensitive information in the trash. When you talk to the employee that did this you will often find that they did not know that the information was to be protected.

Another common risk factor is lost or stolen laptops or other electronic devices such as USB drives.  This has been the case in many healthcare document security breaches where hundreds or thousands of patient files were compromised when the electronic device that they were stored on was lost or stolen.  In many of those cases the healthcare organization did not even know that the information was on the device until after the fact.

Not that anyone really wants to, but if you were to look in a dumpster there is always a chance that you will discover documents that should have been shredded instead of discarded whole.  In the past I have located payroll information, client lists, personnel records, health records, budget information and a number of other sensitive documents in a trash container. In some cases management knew they were there, and in other cases they had no idea how the documents got there or why they were not properly disposed of.  It all comes down to your document security processes.

Some businesses utilize confidential bins for secure shredding, but again the documents that go into to these bins may not be as safe and secure as you think.  In fact there have been many businesses that believed that their confidential records were secure at all times until they were shredded, and yet they found out that somewhere along the line there was a security system failure and that information was never shredded.

Document Security Fraud

Many businesses have retained the services of document shredding services that promise to keep their documents secure and properly shred them so that the information cannot be compromised.  However, in most cases the organization that hires a contractor to perform this service has never audited the contractor’s facility or process.  That being the case how can you really be sure that your waste product is being properly destroyed?

Document Security Conclusion

Whether it is your private files at home or confidential files and documents at your place of business, of you do not have a reliable document security program in place you should not be surprised if your private records are not that private.  It has a lot to do with the efforts that you put into your program, basically little effort equals high risk.  If you have never conducted an audit of your document security now would be a good time to start before your business loses irreplaceable information or finds itself facing civil litigation for a privacy breach.

Recommended Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt

Start typing and press Enter to search

Armed Security