Your Employees and Information Security
What every company needs to know about preventing inside security breaches.
Insider Breaches – Be concerned
• 85% of US organizations have experienced at least one data breach in the last 12 months
• Companies experiencing more than 5 data breaches in one year rose from 13% (2008) to 22% (2009)
• Consider who has access to sensitive information in your organization
Reduce the threat
• Engage your employees – they are essential to your company’s success
• Create a total security culture
• Implement secure document management and destruction as a preventative measure against information security breaches
Engage your employees
• They need to understand your security policies and procedures
• They must be committed to implementing them correctly
• They are the key to an organizational culture of total security
Engaged employees keep information secure
• Protect documents from the moment they are created until the time they are no longer needed
• Eliminate security risks at the source
• Permanently secure the entire document lifecycle
• Develop strategic, integrated and long-term approaches
Employee Best Practices
Train your staff in document destruction policies and best practices:
• Offer training courses in general security or courses that deal specifically with secure document destruction
• Best practices:
  • Shred all – to avoid the risks of human error or poor judgment
  • Shred regularly – to deter the accumulation of confidential paper waste
  • Shred securely – to ensure the chain of custody meets your compliance requirements
  • Shred before recycling – to avoid risks once confidential paper waste is at the recycler
Eliminate risks at the source
• Implement a “shred all” policy
• A “shred all” policy will make sure that all documents are fully and securely destroyed on a regular basis
• Change from reducing to eliminating security loopholes throughout the lifecycle of the document
• Employees should be trained in the values of “destruction at the source”
Employees and the Legislation
• Your employees need to know what legislation applies to your organization
• Information security is more than good business – it’s the law
• They should be aware of HIPAA, FACTA, NAID
HIPAA (Health Insurance Portability and Accountability Act of 1996)
• Maintain reasonable and appropriate safeguards to prevent intentional or unintentional use or disclosure of protected health information
• Includes: patient medical records, patient logs, insurance, billing and other personally identifiable health information
• HIPAA compliant organizations must also designate a privacy officer and ensure all staff are trained and understand privacy issues
• “Shredding prior to disposal” is identified as an appropriate safeguard
FACTA (The Fair and Accurate Credit Transactions Act, 2003)
• Provides new tools to help fight identity theft
• Applies to any person or company that “maintains or otherwise possesses consumer information or any compilation of consumer information, derived from consumer reports for a business purpose”
• Includes a specific rule regarding the proper disposal of consumer report information and records
NAID (National Association for Information Destruction)
• Certification Program establishes stringent security standards for a secure destruction process:
  • operational security
  • employee hiring and screening
  • the destruction process
  • responsible disposal and insurance
• In multiple locations, each location must pass the audit to be certified.
• All Shred-it locations in the United States and Canada have received NAID Certification
Recycling is not enough
• Loose paper is often left unattended before it is recycled
• Documents can be misplaced or stolen
• Paper can fall out of the truck and onto the street
• Shredding documents before recycling serves the environment and keeps your confidential information confidential
Create a total security culture – Step 1
• Look at what you are doing now
• Identify all potential risks that may threaten the security of your organization’s confidential information
• Examine the document workflow and lifecycle; analyze both electronic and paper-based sources
Create a total security culture – Step 2
• Create a comprehensive information security strategy
• Develop security policies that are compliant with national identity theft and privacy legislation
• Restrict access to confidential data, in electronic and paper form, based on specific business needs of specific categories of personnel
Create a total security culture – Step 3
• Train your staff in secure document management and destruction
• Implement “shred-all” policies and “destruction at the source” values
• Build an organizational culture that values and respects confidentiality and privacy