By: Brandon Green, General Manager, Cintas Document Management
According to the Federal Trade Commission, approximately 9 million Americans have their identities stolen each year. Data theft is a growing issue that can cost consumers and businesses millions of dollars repairing the damage to their name and credit record.
As organizations accumulate more personal data, they are also being held increasingly accountable if a data breach or identity theft occurs. With the cost of data breaches continuing to rise, poor document management practices can result in a large unexpected business expense due to labor and related legal fees and expenses. In fact, according to the Pomenon Institute, the average cost per breach in 2010 was $7.2 million. Additionally, data breaches do not only cost companies time and money, they can also take a significant toll on public trust. This often makes it difficult for businesses to survive a security breach.
The top 10 tips to ensure data privacy include:
- Implement a document management program. Identify the types of documents considered confidential and train co-workers on responsible information-handling practices. Restrict co-worker access to these documents and discourage printing of confidential data unless essential.
- Implement a document retention schedule. Identify the amount of time to retain specific documents. Store these documents in a secure place until the retention period expires. A secure place restricts access to co-workers who don’t have a need to access such files. When the retention period is complete, have the documents shredded by a trusted and certified company.
- Regularly shred sensitive documents. To protect sensitive information, consider a shredding service that destroys business documents onsite on a scheduled basis. These companies place secure storage containers in easily accessible and identifiable locations to make it convenient for employees to shred documents. This limits opportunities for employees to make judgment calls on which documents should be shredded. If in doubt, shred.
- Keep documents securely offsite. In addition to outside hackers, valuable employee or customer data may also be compromised. To prevent an unauthorized co-worker from accessing data, keep non-essential documents offsite, further limiting potential access.
- Limit acquisition of confidential customer data. Review the type of customer data your business collects. Unless it is integral to the business transaction, avoid collection of information such as customers’ social security, bank accounts or driver’s license numbers. If the information needs to be gathered, restrict access to only those co-workers who need the information.
- Use password protection. Protect files that contain sensitive data, including payroll, customer and financial information with passwords. Make sure your co-workers change passwords on a quarterly basis at minimum with a combination of six to eight numbers and letters in upper and lower case to further the reduce the opportunity for passwords to be compromised.
- Install and update virus protection software. Virus protection software is the first step in preventing a worm or virus from distributing files or other stored information from a computer over the network. Make sure employees regularly check for software updates so computers are protected against the latest virus threats.
- Clear data before disposing of old computers. Even if a computer is no longer used, sensitive data is still available on the hard drive. Potential hackers or data thieves could prey on such data. Use software programs to wipe the data or identify a data destruction vendor that will physically destroy the hard drive.
- Review company credit card statements. Company credit card data can be compromised just as easily as consumer data. Before paying bills, make sure each employee has reviewed each item to prevent unauthorized charges. If unauthorized charges occur, be sure to notify your credit card company all three credit bureaus to protect your credit.
- Limit use of file sharing programs. While an effective way to collaborate and share documents, file sharing programs can also expose a computer to hackers. If they must be used, make sure the system is protected by strong firewall and virus protection software that is regularly updated.
As identity theft continues to grow, it is important to guard against potential risks so valuable customer data is consistently protected. Businesses must review their current document management programs and make sure they have the best practices in place to protect company, employee and customer data.
For more information on ways to protect company data with a document management program, go to www.cintas.com/documentmanagement.