The Keys to Handling Sensitive Data
Every enterprise business deals with sensitive data. When you consider the breadth and scope of information you have that allows you to conduct your business, it can be overwhelming, especially considering the prospect of protecting it.
Account numbers, customer IDs, passwords and personal contact information are just a few examples of the confidential information organizations use regularly. Moreover, sensitive data is on our devices, paperwork, and hard drives—all around us.
The consequences of not protecting sensitive data can be severe. Thieves can commit various crimes against a company—or individuals within it—with information found on discarded devices and documents.
These include spear phishing attempts, identity theft—even ransomware attacks. By treating sensitive data appropriately, however, you can prevent these threats.
Here are some critical tips for doing so.
Treat Data Like It's Yours
Most people wouldn't leave their bank statements or medical records on their desk for everyone to see, would they? It pays to think of sensitive data the same way. Encourage everyone in your company to treat sensitive data as if it were their own, and lead by example.
If you don't have one already, consider a clean desk policy, a formalized outline of what should and shouldn't be left on employee desks or workstations when they're not around.
Papers should be stored safely away when not used, preferably under lock and key. When individuals are not at their desks, have them quit any programs or documents they may be using containing sensitive data.
When it comes to devices, make sure business-owned laptops, phones, or devices are always kept safe so thieves can't steal them and the data they hold.
Create a Data-Safe Culture
Good data-protection habits don't happen automatically. Creating a company culture around the concept, however, is something that can help employees appreciate their importance.
Encourage safe data handling habits in company newsletters and emails. If possible, encourage your IT lead to conduct periodic meetings to emphasize the importance of data safety—and the consequences of being careless.
By engaging your employee base regularly, you'll create buy-in that reinforces good habits.
Dispose of Data Properly
Sensitive data that's no longer useful to the company may still be helpful to thieves, so it's essential to do more than throw it away. Until it's destroyed, keep paper documents safe using locked bins on site.
Most licensed shredding services will provide these and then shred the material periodically. Various data disposal firms can be found online with a simple search.
If your enterprise business doesn't use a service, dispose of sensitive paper documents using a cross-cut shredder that slices paper into tiny confetti-sized pieces.
Avoid shredders that cut paper into thin strips as these can be retrieved from the trash and reassembled by determined thieves. While the prospect of reconstructing paper strips may seem far-fetched, the tactic has been used successfully by thieves in the past.
Electronic devices containing sensitive data, such as hard drives, laptops, phones, USB drives, and others, are trickier. Because of this, many companies have policies for eliminating what's on them. You're ahead of the curve if your company is one of them.
If there are no policies, it's best to work with your IT lead to develop them. Or you may consider consulting a digital disposal expert who can work with you to eliminate the data by erasing, re-formatting, overwriting or scrambling old hard drives and other devices with a powerful magnet through a process called degaussing.
While these methods are effective, they're not entirely foolproof. As such, some leave data behind that can be retrieved by tach-savvy criminals, so it's essential to weigh the risks before you choose. The only guaranteed way to eliminate all risk is to have the device physically destroyed.
This is not something you'll want to leave up to everyday employees. While hammering, cutting, drilling, and incinerating the device are effective, proceed with care when using these tactics.
For these reasons, it's highly recommended that you enlist a professional service. Many paper shredding services also specialize in device destruction and can help you dispose of yours properly.
Sensitive data is part of everyday business. Handling it and disposing of it properly can keep your company safe.