May 20, 2024
Each year technology seems to get more complex, and fraudsters find new ways to try and steal confidential information. There is a growing need for data protection strategies in both professional and personal spaces. Comprehensive data protection solutions that include electronic, online, and paper documents can help ensure that digital and physical data is secure at work and home.
The term “confidential data”, as used here, generally refers to any nonpublic information. This can include confidential business information, such as proprietary information or pricing. It can also include personal information, such as an individual's name, address, email address, IP address, social insurance number, and/or telephone number.
Depending on the industry, certain confidential information may be regulated. Healthcare providers, for example, are responsible for restricting the disclosure of protected health information per privacy legislation. This includes individually identifiable health information that relates to, for example, an individual's past, present, or future physical or mental health condition. Additionally, certain financial organizations are required to protect sensitive personal finance information, such as account numbers and balances, loan applications, and credit card or debit card applications.
The businesses surveyed in Shred-it®'s 2023 Data Protection Report identified four major sources of a data breach: malicious outsiders, malicious insiders, partners and suppliers, and employee error. The report found that 38% of all data breaches involved malicious insiders: employees inside an organization who share confidential information with outside sources. Given all of the news headlines of cyber-attacks, this contradicts the belief that only hackers and cybercriminals are responsible for data breaches. While not the largest source of data breaches, breaches involving employee error accounted for 50% of all data breaches reported in the survey. Organizations can help mitigate this type of data breach by implementing policies that outline information security and privacy guidelines and provide ongoing data security training—on both digital and physical risks.
Companies can employ a wide range of strategies to help reduce their chances of experiencing a data breach. Some of these actions include:
Before sharing confidential information, find out why it’s needed and how it will be protected. Be guarded online, and don’t over-share personal details on social networking sites. Properly set the privacy and security settings on web services and devices. When sending sensitive information by text or email, double-check recipients and necessity. Be careful of phishing schemes where thieves try to steal personal and financial information by sending deceptive emails or text messages.
According to the Association of Certified Fraud Examiners’ (ACFE) report on occupational fraud, it is estimated that organizations lose 5% of revenue to fraud each year1. People should be wary of online and in-person attempts to steal confidential information. Learn to recognize different scams by checking trusted websites and attending ongoing education provided by employers. Unsolicited emails, especially those that require immediate action and contain spelling or other mistakes, should be treated with suspicion. Scrutinize emails with links and attachments. When in doubt, it is a best practice to only open emails or click on links if and when you are able to verify that the sender is known and trusted. Employees should also report suspected emails using a Phish Alert notification to IT. For example, a fraudster might ask for confidential information through a fake holiday gift email. An in-person scam could be someone pretending to be a census worker asking for personal information.
Protect both physical and digital data by ensuring it is locked when not in use. Physically lock electronic devices and use available IT locks like biometrics and security keys. Choose strong passwords (not the default or an easy-to-guess password), and don’t use the same one on different accounts. Place physical documents in locked cabinets when you no longer need them. Implementing a clean desk policy can help protect both physical and digital data. The policy helps ensure physical documents are shredded or locked away and that all computing devices are protected each time an employee leaves a workspace.
Whether doing business out of the office or taking care of personal business in a public space, such as banking, taxes, or online shopping, use a virtual private network (VPN). Even if a device is password protected, taking extra steps helps ensure unauthorized users do not find virtual access to private information.
Whether disposing of information at home or in the office, do not toss confidential data in the trash can or recycling bin. These disposal processes will not prevent criminals from sorting through piles of paper to find private information. When documents have reached their end of life, confidential papers should be disposed of in a locked container destined for shredding prior to disposal, using shredding services like Shred-it®.
Learn how Shred-it® can help protect your professional and personal confidential information with secure document and electronic device destruction.
*This article is for general information purposes only and should not be construed as legal advice on any specific facts or circumstances.
1. Occupational Fraud 2024: Report to the Nations pg. 4