WHAT’S YOUR RISK FACTOR?
The G20 Summit – truly the largest security event in Canada’s history – creates unprecedented challenges to the security of business information in the “zone.” Customer and employee records, legal and medical files, financial statements, internal memos and commercial secrets may be exposed to heightened security risks that are likely to be targeted by information criminals.
Unfortunately, most companies have little or no experience adopting their complex information practices to the unpredictable environment within the “zone” or operating remotely from temporary locations outside of the “zone.”
Such times of uncertainty provide opportunities for fraudsters looking to exploit information security loopholes, yet companies’ obligations to protect their clients’ data cannot be compromised under any circumstances.
The potential data security gaps include:
- Lack of emergency preparedness plans and formal information security guidelines
- Paper files or electronic equipment left unattended and unsecured in the offices within the “zone”
- Paper files or electronic equipment misdirected, stolen or lost en route to locations outside the “zone”
- Laptops and removable storage devices, such as CDs and USB keys, as well as sensitive paper documents misplaced, stolen or lost by employees working from off-site locations – including public transport, coffee shops and staff homes
While the security environment and many emergency scenarios cannot be predicted, the good news is that any company can adequately prepare as long as it gets the information security basics right.
Shred-it encourages them to be prepared by following simple guidelines that are important at all times and are imperative during high-risk and emergency situations:
Start with Data Security Audit to identify your unique security gaps
- List all risks specific to your organization and your current internal and external environment
- Target both paper-based and electronic information sources
- Consider every stage of the information cycle, from data generation and storage to the transfer of data between your central office and off-site locations, as well as document destruction
Address them in an actionable emergency preparedness plan
- Include all possible contingency scenarios. Remember:
- All sensitive data that is no longer required – in paper or electronic form – should be destroyed
- All sensitive data that is not destroyed – in paper or electronic form – should be stored securely
Whether you stay in the “zone” or temporarily re-locate, make sure all data you need – in paper and electronic form – is secured.
- Secure all electronic sources through restricted access and effective password protection
- Audit all paper documents: separate still needed data from the data no longer required
- Lock the documents you need in office drawers or, better, secure filing cabinets
- Introduce a “shred-all” policy: shred all documents you no longer need; deposit any unshredded waste in locked security consoles, ideally with secure bevelled slots ensuring that, once paper goes in, it cannot be removed or compromised
- Ensure there are no unattended files on staff desks, in file rooms, office hallways or printing areas
Michael Collins is the vice president for sales at Shred-it Canada. If you are interested in a full Data Security Audit from Shred-it, call 905-465-4288.