November 13-19, 2022, is Fraud Awareness Week, and the simple idea of a week focused on fraud awareness can be motivating: it is a reminder that you aren’t alone in fighting data fraud.
Use Fraud Awareness Week as motivation to take a look at your own level of data security and find ways to tighten weak areas. To help you assess those, here are seven critical questions to ask yourself about your organization’s data security:
1. Is our data protected?
Having a strong firewall to protect your internal network is helpful, but it only protects against outside threats. Employees, customers, and suppliers already have access from inside the firewall and can initiate a data breach, even unintentionally.
2. Can my staff detect attacks?
Have you trained your employees to recognize suspicious emails, dangerous links, and phishing? These insider attacks are common, yet preventable with some basic knowledge of how to detect and respond to them. Consider offering a workshop or session at your next staff meeting or retreat on how to recognize and respond to potential attacks.
3. Do we conduct regular security audits?
Your own team can be a source of data leaks, even inadvertently. Do you know about all of the devices that your staff are using for work? Are their mobile and personal devices secure, and is the data they are working on and sharing encrypted? Do any of your staff have physical documents or computer screens that can be viewed by unauthorized individuals? Something as simple as writing down a password on a scrap piece of paper and leaving it in the open or walking away from a desk while signed in to the computer can be the source of a security breach.
4. Do we have redundant data?
It’s challenging enough to control data, make sure that it stays within a secure chain of custody, and protect it from misuse. More than one copy of the same data, whether in a similar or different format, creates complexity. Deleting redundant data other than designated backups will help increase your level of data control and protection.
5. Does our organization require strong passwords?
Using strong passwords is a good way to stay a step ahead. It’s important that the whole staff takes this seriously so that there are no weak links. A strong password is:
- at least 12 characters long (longer is better)
- a mix of uppercase and lowercase letters, numbers, and symbols, which makes it harder to crack
- free of memorable keyboard paths
- not based on personal information
- never used for more than one account
- changed on a regular basis
6. Do we shred our obsolete hard drives and other media regularly?
Storing obsolete hard drives and other electronic media can increase your risk of a data breach and may push your company into non-compliance with data privacy laws. Here’s why:
- Any device that stores data could still contain private and protected information. Even if you have attempted to erase the data, information still remains that data thieves are skilled at retrieving.
- Any information remaining on the drives past its retention date is in violation of data privacy laws.
- If drives are lost, stolen or sold, any digital information that remains on them is vulnerable and your company is forever liable for any misuse of that information.
Don’t attempt DIY destruction. Secure, NAID AAA Certified shredding is the only way to ensure the data you are responsible for is forever protected. Your shredding provider should also offer a Certificate of Destruction after each destruction project to provide you with proof of compliance.
7. Are our paper documents protected?
Paper documents require just as much security as other data formats. To prevent information theft, update or create a document management policy and train your staff according to these rules:
- “Shred everything.” Add this mandate to your document management policy for all discarded paper. This way, no one has to decide what should be shredded and what shouldn’t. This means every piece of paper, including letters, envelopes, junk mail, sticky notes, and paper file folders.
- Keep all documents filed unless they are being used at that moment. Files left on desks or otherwise unsecured, like any other weak link in information security, are a data breach risk.
- Share physical documents only with authorized individuals. Make sure your document management policy outlines the process for sharing files with third-party businesses or organizations.
- Know and observe document retention dates and make sure expired files are shredded promptly at the end of their lifecycle.
- Ditch DIY shredding and partner with a local, NAID AAA Certified document shredding company. It is far more affordable in the long run: you avoid a data breach, have proof of legal compliance in the form of a Certificate of Destruction, and use valuable employee time for core tasks instead of dealing with a tedious, insecure shredding machine.
CI Information Management offers a full suite of NAID AAA Certified shredding services to customers in Southeastern and Central Washington state and Northeastern Oregon. Use Fraud Awareness Week as an opportunity to increase your organization’s information security by giving us a call at 509-586-6090 or by completing the form on this page.