Putting Your Business at Risk is a Communications Channel You'd Never Guess: Paper

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.entrepreneur.com/article/251959

A new data breach is in the headlines nearly every day,and businesses are
investing trillions in IT security annually to protect themselves against
cyber threats. Unfortunately, as long as these investments focus only on
digital data, they will never be enough. Because, according to the Office
of Management and Budget’s latest cyber assessment, the biggest information
security risk for federal agencies isn’t cyber -- it’s paper.

In fact, fully 25 percent of incidents reported in fiscal year 2014
involved the possible mishandling of hard copies or printed materials, as
opposed to digital records.

Clearly, all businesses need to better protect their sensitive information,
including anything important enough to make it off the screen and onto
paper. Yet despite the common assumption that we now live in a paperless
world, studies show that 89 percent of businesses still use paper copies
for record-keeping.

Those physical documents represent the one risk that cannot be protected by
expensive IT-security technologies. And that scenario is surprising,
because protecting that information requires merely a minimal hardware
investment and the commitment to properly train your most trusted and
trusting employees. Let’s take a look at who is most likely to put your
company at risk and the simple steps you can take to protect your company.

Who is putting your company at risk?

When it comes to trust in the workplace, your employee demographics make a
difference. According to a survey by Swingline, younger adults and high
earners are most trusting of their employers. While on the surface, trust
sounds like a good thing, there may be reason for employers to be cautious.
Research shows a positive correlation between those employees who are the
most trusting and those who improperly dispose of sensitive information.

Trust in the employer declines steadily with an employee’s increasing age.
Roughly 72 percent of employees in the survey, ages 25 to 34, said they
trusted their employer, compared to only 56 percent of those ages 55 to 64,
and 48 percent of those over age 64. As paychecks get richer, employees are
more trusting, as well. For example, 88 percent of employees making more
than $150,000 said they trusted their employers, compared to only 55
percent of those making less than $49,999.

It’s an odd correlation but, taking a closer look at security compliance,
one finds that the most trusting age groups also are those most likely to
throw away sensitive business information without first shredding it.
Employees aged 25 to 34 admitted to skipping the shredder at least 38
percent of the time. Meanwhile, their more compliant and less trusting
colleagues in the 45 to 54 category were compliant more than 75 percent of
the time.

The same trend holds true for high earners. Those making $100,000 to
$149,999 admitted skipping the shredder 47 percent of the time while those
in the $25,000 to $49,999 income bracket skipped it only 27 percent of the
time.

Those making more than $150,000, meanwhile, seemed to be an anomaly of this
correlation, with fewer of them trusting their employers (33 percent), yet
significantly more of them (67 percent) tossing information without
shredding.

Securing your company's information

It’s important to create a culture that promotes data security alongside
trust in the company’s leadership. There are three simple steps that
business owners and leadership can take to promote trust in the company
while also ensuring compliance:

- Implement the policies and processes needed to secure your company’s
physical documents, and educate your staff on their importance.
- Make the small investment required in a high-tech shredder with a secure
auto-feed chamber, to reduce the time and hassle typically associated with
shredding sensitive documents.
- Most importantly, set an example and create a culture of shared
responsibility in security.

In an era when online data breaches are top of mind, it’s easy to overlook
the amount of valuable information that businesses and their employees
willingly place on the street each week without a second thought. As you
continue to invest in IT security, don’t overlook these simple steps to
protect your valuable physical documents.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!