By Rob Shauger
If your business handles personally identifiable information, it is important to keep the information secure in order to protect your clients.
This includes patient records, employment records, loan applications, tax forms, medical forms, credit card applications, and more. Security breaches are a real and large threat to businesses of all sizes and across all industries.
Companies that suffered a data breach of more than 50,000 records incurred an average total cost of $10.3 million. Think your company is too small for a data breach to really affect you? Think again. According to an IBM study, data breaches involving small businesses can cost a staggering $4.5 million.
Data breaches, small or large, also tarnish your company’s hard-earned trustworthy reputation, making it harder to gain new clients even years down the road.
While many people associate data breaches with cyber terrorists and online hackers, the truth is that data breaches often result from improper handling or disposal of personal documents. Thieves target paper documents and use the information to open fraudulent accounts.
Information can also be recovered from computer hard drives that have been improperly disposed of. Simply throwing away hard drives without proper destruction could leave your business (and clients) at considerable risk. If the thief has access and the knowledge, they can wreak havoc on a business.
Do you rip up credit card offers when they come in the mail? If your answer is no because you shred credit card offers, good for you. If you just toss them straight into the recycling, you might want to rethink your policy. Just like seemingly innocuous junk mail can be a threat to your personal identity, a lot of papers floating around your office might be a threat to your client or patient confidentiality.
Right now your office probably has a policy that sends confidential documents to the shredder and non-confidential paper to the recycling bin. But who is deciding what’s confidential and non-confidential, and are you sure that the confidential papers are really getting shredded?
When it comes to security, employees are often our greatest assets and our biggest liabilities. A well-trained staff can have an exponentially positive impact on data security, just as poorly trained staff can negatively affect your patients’ and clients’ privacy.
Even the most sophisticated software programs cannot keep your sensitive data safe if your employees are not following your privacy and data security guidelines. Employees can leave your data vulnerable in a number of ways:
• Using personal devices to perform work duties;
• Connecting personal devices to the secure work network;
• Checking personal emails and accounts on work devices;
• Leaving papers/folders open or unsecured in public areas;
• Throwing away sensitive documents instead of securely shredding confidential information;
• Improperly disposing of hard drives containing clients’ personal information.
The best way to minimize your company’s risk of data breaches is to have strict document handling and disposal protocols.
Shauger is director of sales and development at ConfiData.