European Cyber Security month: time to delete paper based risk

It’s European Cyber Security month and with the GDPR (General Data Protection Regulation), less than two quarters away, on-site data security is as hot a topic as ever.

While many organisations are thinking about their cyber security and personal data management, we’re keen to highlight the need for organisations to not undermine their data security policies and procedures by failing to manage the very real risks that paper and printed documentation present.

Paper based security risk

The ICO report that 40% data security incidents between July and September 2016 were attributed to paper. This included loss or theft, sending documents to the wrong recipient, insecure disposal or leaving papers in insecure locations.

The ICO has also revealed that almost two thirds of offices admit to not shredding confidential information, putting themselves, their customers and their workplace at risk.

This is why we’re calling on organisations to focus on paper during European Cyber Security month and to create and include a paper security policy in their GDPR compliance preparations.

Paper security policy

All data security policies should include guidance for storing, accessing and destroying paper documents.

What, Where, Why, When: paper security policy essentials

To help organisations construct their paper security policies we recommend asking the following questions:

  1. What – data types does your organisation use?
  2. Where – should your data be stored?
  3. Who – needs to access to data and who can approve access?
  4. When – should data be destroyed?

What can I do now to minimise risk?

Educate staff to recognise the different data types and how each requires a different level of security management.

Data Types

  1. Personal– means data relating to a living individual who is or can be identified from the data
  2. Sensitive– is also data relating to a living individual but it includes one or more details about a data subject including, race, political opinion, religion, health and criminal activity
  3. Confidential– typically represents data which should be kept completely secret and not shared with anyone unless under NDA.

Offer staff high security on-site paper disposal & destruction opportunities

Rexel Auto+ automatic feed shredders let employees load a stack of paper, shut the lid and walk away, removing the productivity pain point cited by those who shred frequently. Documents are destroyed instantly, on-site.

Educate employees about document security

Training, support and guides should be made available to employees to educate and make them aware of the changes taking place. Providing training is a great incentive for staff and should empower employees to take responsibility in complying with the GDPR. It is also a good idea to nominate representatives from each team, who are responsible for ensuring paper documents are correctly processed, stored, or destroyed, and who also monitor paper stack build-up on desks.

Our “Keeping your identity safe in the office” infographic is a great resource to start your internal education with.

To stay up to date with the latest releases of shredders follow @rexeleurope on Twitter or visit our website. Rexel’s e-book about understanding GDPR, also includes a framework for business compliance is also available to download for free here.