So far this year we’ve talked about a couple of big changes you can make to your business’s workplace policies to increase document and data security. For example, a clean desk policy resets the office at the end of the day to make sure the space stays tidy and organised. We’ve also discussed a document retention policy, which specifies where and for how long documents should be kept and how to destroy them. If document security in the office is something that concerns you, it’s worth reading those posts.
However, while both of those policies can make a big positive impact on your data security, it takes time to plan and implement them. If you’re looking to make some more immediate changes, we have a few different ideas for you to consider.
Keep track of your physical documents
Both policies mentioned above are, at their heart, methods of organising your documents. But your business can stay organised without making big changes. Keeping track of your physical documents helps you to know what documents are around the office and will quickly alert you to potential risks.
Without going so far as implementing a full policy, a lockable storage cabinet or cupboard for documents can be brought into use. Within this space documents can be organised by date or topic and only trusted employees need be given access.
It’s also helpful to be aware of where documents might be left lying around. Checking printer trays daily for abandoned documents is an easy way to catch potential risks; this job can easily be assigned to a member of staff who works near the device.
Organise your digital documents
In most workplaces, you’ll likely to need to be aware of online documents more than physical documents. It’s common for businesses to have some kind of intranet or cloud-based storage for their online files and these should be organised and protected in the same way as you would treat physical storage spaces.
Organised online storage makes it much easier to ensure that employees have access to the files they need and that sensitive files aren’t open to unnecessary risk. Centralised folders should be emphasised for all work and employees should be discouraged from saving things to their personal folders or one specific computer.
Transfer physical documents to a secure digital system
While risks exist with storing digital documents, they are more manageable than the risks of maintaining physical storage. It’s easier to mislay physical documents and easier for them to be accidentally destroyed, opening your business up to operational and security risks.
A secure online system makes it much harder for unauthorised people to get access to documents and it’s easier to keep track of where everything is saved. However, transitioning from physical documents to online can be a lengthy scanning process that has its own risks attached. If you have a lot of physical documents to scan, outsourcing to a company like the Shredall SDS Group can make your life a lot easier.
We can collect your documents to scan off-site or scan them on your premises - either way, we handle it. This makes the process much less time-consuming for you and your employees. We will also set up a secure online portal for you so that you can access the scanned documents and control permissions for the rest of the company.
Be too restrictive in your security access
Whether you’re setting access for physical storage, a cloud-based drive or a secure online portal, it’s recommended to be too cautious in who you grant access to, rather than too open. It’s much easier to give someone access who was missed initially than to have to deal with a situation where someone saw something they shouldn’t have.
As a related point, if certain online folders are secured with passwords, make sure that those passwords are stored somewhere even more secure and aren’t being given out to people who shouldn’t have access to them.
Get rid of old IT equipment properly
It’s not just old documents that should be securely destroyed - old hardware needs to be disposed of properly. Data doesn’t just disappear from computer hard drives when they’re thrown out; a competent hacker could access still retrieve any files that were stored on there. This is why it’s never a good idea to just throw hard drives out with the rest of the equipment.
Instead, hard drives will need to be shredded to an acceptable standard or degaussed (a type of magnetic wiping). Hard drive shredding (a service that we offer) involves utterly destroying the hard drive so that any data left on it is useless. The other method, degaussing, leaves the drive intact but scrambles the magnetic field that is used to store the data, rendering it unusable.
Make your employees aware of document security
Whatever methods are brought in to improve workplace document security, there’s no substitute for your employees having a good understanding of data protection. Employees who are conscious of how they’re creating, handling and storing sensitive documents are much more likely to avoid high risk situations than employees who don’t have that level of awareness.
Depending on the size of your company and the policies you have in place, training could be conducted 1-to-1, in small groups or companywide - whichever solution helps everyone to understand and communicates security expectations consistently. The more your employees can police themselves, the less you and your managerial team have to do. From this foundation, it’s easy to introduce new policies and convince employees of their necessity.