Securing Confidential Information: the Future of Data Protection
Shred-it celebrates a quarter century committed to information security and looks ahead to its changing landscape
WASHINGTON, Nov. 26, 2013 /PRNewswire/ -- The face of information security has changed over the past 25 years and the future of the industry is certain to become even more complex. As Shred-it celebrates 25 years of protecting the sensitive information of American businesses and organizations around the globe, the company looks ahead at the changing landscape of information security and the critical challenges facing companies as they conduct long-term planning. The increased mobility of data and the emergence of new data threats have catapulted information security to the top of many organizations' agendas.
Societal, technological and legal changes have had an enormous impact on the information security industry over the past 25 years. In the late 1980s, much of the sensitive and confidential information relied on for critical business operations were on paper. Back then, forward thinking organizations ensured that their paper documents were disposed of as securely as they were stored. Twenty five years later, businesses large and small are operating in an increasingly online society that's dependent on digital data for the efficiencies it affords. Before the 21st century, there were few rules in place encouraging businesses to make information security a priority. However, Congress is hoping to change that and force businesses to recognize the importance of making information security a priority with the introduction of the Data Security and Breach Notification Act of 2013, which will require organizations that acquire, maintain, store or utilize personal information to protect and secure this data. Today forward thinking organizations need to consider several tiers of security and accessibility risks, both physical and digital, both internal and external.
"The scope of information security will continue to change dramatically in the coming years and more than ever, businesses of all sizes will need to examine their policies and determine how to best protect their sensitive and confidential information," says Vince De Palma, President and CEO at Shred-it. "Without a forward thinking data protection plan, businesses leave themselves vulnerable. A long-term information security plan is not only critical to meeting standards and legal regulations across industries, but also instrumental in protecting an organization's most valuable assets – confidential information, brand reputation and trust."
Looking Toward the Future
Shred-it has identified some of the top challenges organizations will face in the coming years. While it's essential for businesses to examine their current policies and procedures, it's also important to forecast necessary improvements and augmentation:
- Cloud migration: More companies are moving their information systems to online cloud storage. While backups happen automatically, the challenge is that security processes and solutions are still being developed for this new service which may leave businesses at risk for loss of valuable information;
- Mobility: In a world where a mobile workforce carries around a variety of electronic devices and hard copies of documents, it will become increasingly important to enforce comprehensive information security policies and protocols to ensure confidential and proprietary information protection;
- Electronic documents: From external hard drives to complex tablets and smart devices, sensitive information is being stored in more places and it will be important to expand e-destruction services to ensure all information is kept private and secure;
- System upgrades: As information is migrated to new systems and as old records – whether paper, digital or in other formats – becomes obsolete, it is important that the right processes are in place to safeguard confidential information.
As a leader in information security, Shred-it is also evolving its service to keep up with current trends. In addition to its comprehensive document destruction services, Shred-it now offers hard drive destruction at all of its North American locations. The service offers a secure chain of custody process, complete destruction of the hard drive that makes data recovery impossible and an itemized certificate of destruction upon completion.
Consider All Possible Sources of Data Loss
While it's hard to deny that technology will continue to become more innovative and enhance the way we live our lives, paper isn't going to disappear anytime soon. Paper records play a crucial role in many industries and provide necessary documentation that technology simply will not be able to duplicate.
To mitigate the risk of fraud, businesses should consider the following tips:
- Think prevention, not reaction. There is no one-size-fits-all data protection strategy. Develop preventative approaches that are strategic, integrated and long-term, such as eliminating security risks at the source and permanently securing the entire document lifecycle in every part of your organization;
- Have you identified your risk areas? A security risk assessment helps to determine the level of information security in your business and that helps identify risks and how to put a secure and safe information destruction program in place;
- Be security savvy. Put portable policies in place for employees with a laptop, tablet or smartphone to minimize the risk of a security compromise while traveling;
- Recycling vs. shredding. Recycling containers do not keep your information secure as anyone can access the information. Shred-all policies and locked consoles keep your information secure the entire time, meaning that businesses are able to recycle and destroy confidential or sensitive information at the same time, without implementing two separate control systems;
- Secure shredding. Provide office employees with a locked console where they can deposit their unneeded documents prior to disposal;
- Protect electronic data. Ensure that obsolete electronic records are protected as well. Simply erasing or degaussing a hard drive or photocopier memory does not remove information completely – physically crushing the device is the only way to ensure that data cannot be retrieved;
- Create a culture of security. Train all employees on information security best practices to reduce human error. Explain why it's important, and conduct regular security audits of your office to assess security performance.
For more information about Shred-it, information security and fraud protection, please visit the Resource Centre on www.shredit.com.
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com