Your Information Security Plan

With all the media coverage of the various online data security breaches and the impact of those breaches on the companies and consumers involved, it’s easy to lose sight of the importance of physical information security. Stories about online data security are sexier because they involve 21st century technology, but to the customer whose personal or private business information is compromised, it really doesn’t matter much how it got compromised. It only matters that it did. So companies must guard physically stored customer information just as diligently as they do electronically stored data.

Start with a needs inventory
Before you can create a plan, you should identify what customer information you need to keep in the first place, and how long you need to keep it. This will vary from business to business. Once you’ve made a determination of what you need you should document that. This information is the beginning of your information security plan.

Destroy what you don’t need
Once you’ve determined what information you need to keep, it’s time to securely destroy what you no longer need. To securely destroy it doesn’t mean just tossing it in the trash dumpster. It needs to be shredded. If there’s only a small amount, it can probably be done in-house if you have the proper equipment and the time to do it. If there’s a larger amount, or you don’t have the time or equipment resources to securely destroy it in a timely manner, you should hire a professional like Secure On-Site Shredding to do it for you. In either case, you should document the destruction and keep that documentation on file for your own protection.

Secure what you keep
Once you’ve securely destroyed the information you don’t need it’s time to securely organize what you’ve kept. Businesses that don’t have a specific information security plan often don’t have a very organized information storage system either. This is a good time to develop a system, or improve upon what you’re currently doing.

Confidential information should be stored in one location specified for this purpose, and be protected by restricting location access and lock protection. Only those employees with a “need to know” should be permitted to access confidential or sensitive information. In addition, those who are permitted to access it should be required keep file cabinets locked when not in use, or when they leave the area. Obviously, what you’re able to do will depend largely on the physical characteristics and layout of your facility. But whatever your circumstances, careful attention should be paid to physical information security.

Protecting your business from theft of sensitive or confidential information starts with your information security plan. Knowing exactly what information you need, securely destroying what you don’t need, and securely storing what you keep are vital.

For secure, trustworthy help with your document or hard drive destruction contact us online or call 877-9-Shreds (877-974-7337).

Tags: , ,