Now more than ever, businesses cannot afford the potential negative financial and reputational impacts of a data breach. According to the 2023 IBM Cost of a Data Breach Report, the average cost of a data breach reached an all-time high of $4.45 million (in US dollars). This represents a 2.3% increase from the 2022 cost of $4.35 million. To help protect against a data breach, businesses should have a comprehensive data protection plan that prioritizes both digital and physical security risks. The tips below help businesses determine what information they hold and which documents should be shredded to help protect against a physical data breach.
Implement a Data Management Program
The “basics” of an organization’s data management program form the foundation of effective information practices. Business leaders should meet with their data protection officer and any other relevant employees to answer some key questions about their companies’ information management procedures, including:
- What data is collected and stored?
- How much data is collected and stored?
- Where is data stored?
- For how long is data stored and why?
- With whom is data shared?
Identify Areas of Risk
Conduct an information security risk assessment and a walk-through of administrative areas, including the front desk, to identify high-risk areas such as printing stations, messy desks, and exposed trash and recycling bins. Flag these vulnerabilities and develop policies that can help to remove the threat.
Adopt Data Security Policies
Effective policies include:
- Clean Desk Policy: A clean desk policy helps ensure staff shred or contain physical documents and that all technological devices are password protected each time an employee leaves a workspace. A clean desk policy helps reduce clutter, improves the security and confidentiality of information, and can contribute to an organized workspace as a best practice throughout the organization.
- Shred-it All Policy: This policy encourages the regular destruction of all documents. It is one of the most effective ways to help prevent physical data breaches from occurring.
Reinforce Policies through Reminders and Rewards
To help get buy-in from employees, put up posters reminding them of the new policies in place to protect confidential information in the workplace. Business owners can also drive employee engagement initiatives to encourage employees and incentivize good behavior through rewards such as team member recognition.
Develop Retention Schedules
All documents have a recommended retention period, depending on their importance and content. There may be laws and regulations that dictate which documents need to be kept and for how long. Follow document retention schedules to help keep offices free of clutter and to contribute to the protection of information.
Determine Which Documents to Destroy
Ask yourself the following questions. If you answer YES to any of these, then SHRED the document.
- Does it have any personally identifiable information (PII)?
- Does it contain information protected by privacy laws?
- Does it include any confidential corporate information?
- Does the document list any financial information?
Examples of such documents include:
- Contracts
- Customer lists
- Medical records
- Payroll information
Physical Data Destruction
Shred-it® offers a wide range of reliable data destruction services that are designed to best meet your needs.
Download our info sheet for a more detailed list of what documents should be shredded. Contact Shred-it® today to learn more about how we can help keep your business’ physical data secure.