The Christmas period is often great for business, with customers heading out to the high-street to buy gifts. B2B companies will often also see increases in sales, with potential clients planning their budgets for the next year. Employees love the festive period as it allows them to relax, celebrate their successes and spend more time with their family.
However, the holiday season is not without its downsides. Data breaches, both for consumers and businesses, typically increase around this period, as hackers and fraudsters understand that people are at their most vulnerable when their guard is down. An office’s holiday cheer can quickly be dampened by sensitive information being stolen and therefore damaging the reputation of the company.
The business wind down before the holidays can be extremely dangerous for companies of all shapes and sizes. Only having skeleton staff present, while other employees either work remotely on insecure devices or are on annual leave, increases the potential for a data breach. Given that the average cost of UK data breaches rose this year to £2.7 million, businesses should be extremely wary of how their data is stored and handled - particularly during the Christmas holidays.
Here are some practical steps businesses can take to protect their confidential data during the festive season.
1. Implement a clean desk policy (CDP)
Keeping an office space tidy and storing confidential documents in a secure manner is a crucial first step to avoid a data breach over Christmas. Employees often leave notes from meetings on their desks, or private company data like payroll information or passwords to software, which, if found by third parties, could be used to hack a system or commit company fraud.
In their efforts to implement effective cybersecurity policies, businesses often forget the importance of protecting information stored on paper. A report published by the ICO in 2016 showed that 40% of data security incidents were related to paperwork, indicating the risk of leaving private information in unsecured locations around the office.
Implementing a clean desk policy (CDP), whereby employees are asked to declutter their desks at the end of each day, is an effective way to reduce this risk. However, this can be very difficult to do, even in smaller companies where upper management is able to monitor its implementation more closely.
An essential prerequisite is having the entirety of senior management on board; without pressure from the top, the average employee is unlikely to change their habits. Another important component of a CDP is communicating it efficiently across the company. Sending emails in the run-up to Christmas to explain the reasoning of the policy will help garner support and reduce the risk of physical information becoming lost or stolen.
2. Lock essential documents away
Tying into implementing a clean-desk policy, shredding non-essential paper documents is crucial for protecting confidential data over Christmas. The recent GDPR legislation outlined stricter rules surrounding how businesses should handle and dispose of sensitive information, such as invoices, customer receipts or contracts, with companies now facing fines of up to £17 million for non-compliance.
Securely storing sensitive documents goes hand-in-hand with a CDP, as it allows companies to avoid unnecessary clutter by better organising their space. Locked consoles should be made available for employees, with different cabinets and lockers allocated to different categories of document, such as financial agreements or legal contracts.
Creating storage space in the office is clearly an easier task in smaller companies, where employees process fewer documents and create less waste. Medium and large businesses will find it more difficult to manage their document storage needs, which is why many choose to outsource the work to a secure document storage company to save valuable time.
3. Shred non-essential documents
With businesses more likely to mishandle documents over Christmas, it is even more important for upper management to facilitate secure shredding of documents that are no longer needed. When employees start eating mince pies at their desk or drinking mulled wine at work they become more lax with how they dispose of non-essential documents.
For example, people may throw old files into the recycling bin on the pretence that third parties will be unable to retrieve them. However, these bins are often left unattended and documents can be misplaced or stolen, putting the security of the whole business at risk. Waste paper should always be securely destroyed, especially in the approach to Christmas. The most efficient way to do so is by shredding the files, preferably into extremely fine pieces to eliminate the risk of documents being reassembled.
Many in-house shredders are manual and produce strips that could be too easily be put back together. Outsourcing shredding to specialists like Shredall ensures that paper documents are disposed of securely. Shredall even offers hard drive disposal services, eliminating the risk of any sensitive data being compromised.
The Christmas holidays should be a well-deserved break for your business, a time to relax and regroup before tackling challenges in the New Year. Having fewer employees present puts businesses of all shapes and sizes at greater risk of being compromised and having their holidays ruined. Nevertheless, if the appropriate steps are taken to protect their data, both through cyber and physical security measures, businesses can enjoy the holidays in peace.