In today’s business world, confidential information is everywhere, from customer lists to pricing information to employee information. These are critical business assets that must be handled properly or you risk a security breach.
Here are 8 suggestions to help keep your confidential business documents secure:
Implement a Workplace Information Destruction Policy
Leaving what should be shredded up to your employees is risky business. Do you want your employees deciding what is sensitive information and what is not? Having a predefined information destruction policy will help alleviate any questions as to what to destroy and when. A workplace information destruction policy should contain provisions for both day-to-day documents and ones that have a longer document life cycle.
- Day to Day Documents – Implementing a Shred-all policy is of utmost importance. This means that ALL documents (from post-its to customer information) are shredded or placed into the shredding bins. NO MATTER WHAT. This takes away the complication of your employees making the decision of what should be shredded and significantly reduces the risk of a security breach. This is a simple, yet extremely effective strategy to mitigate any risk.
- Documents that need to be retained for a period of time – It is important to know what the document retention rules are for your business. Documents such as tax files, employee records or medical records that need to be retained for a particular time period must be stored and destroyed in a secure way. As part of your policy, all documents must be stored in a secure, locked area to ensure the safety of the information. Boxes should be indexed so you know what is in the box and when it can be destroyed. Once the retention period has passed, all documents should be shredded in a timely manner.
Implement a Clean Desk Policy
Leaving sensitive documents on your desk makes them more susceptible to a breach. Whether they are left in full view or in a file folder, it makes it easy for visitors, cleaning staff or other employees to access confidential information. All documents should be locked up at the end of the day. No paper or confidential information should be left out on desks. Locking up this information ensures it remains secure while the documents are still in use.
Train Employees on the Importance of Document Security
Employees should be trained to handle confidential and proprietary information with care and to respect the sensitivity of the information. Specifically, you should train your employees to:
- Protect confidential information, regardless of the media type, for the entire life cycle of the information
- Shred all paper documents regardless of their sensitivity and lock up all sensitive documents when not in use
- Share confidential information only with those who need to know
- Have a written, signed, confidential non-disclosure agreement before disclosing confidential information to third parties
- Promptly report any actual or suspected unauthorized access to management
Include a non-disclosure clause in employment agreements
It is best practice to ensure that your employees sign a confidentiality and non-disclosure agreement to protect your sensitive business information. This will safeguard your company and make your employees aware that they are not to distribute or share information that is proprietary. Confidentiality provisions in an employment contract make it clear that your business is serious about confidentiality, and can help prevent problems from a legal and practical perspective.
Limit access to sensitive information
A company with confidential information should be careful to limit access to it to only those employees who have a “need to know”. Hard copies of documents should be kept locked, and electronic copies should be password protected.
Have a strict visitor policy
Where appropriate, visitors to a workplace should sign a confidentiality agreement upon arrival. In addition, they should be escorted at all times and should be kept away from areas where they may be exposed to confidential information (unless they have a “need to know”).
Secure Paper Document Storage
For all physical documents, steps need to be taken to keep the risk of theft as low as possible. Start by making sure the place where they are kept is locked at night. Employees should be trained in locking away sensitive documents and checking they are safe. It can also be useful to invest in secure offsite storage for those documents that require a longer retention period. The information is then professionally managed and under high quality protection. You will still have access to all paper documentation when required.
Always Back Up
Where possible, always back up your information. Physical documents should be scanned and saved on secure servers. If the worst does happen and any of your secure documents are lost, stolen or damaged, you will still have access to them when you need them.
Need help implementing these measures?
Contact Blue-Pencil and we can help keep your business secure.