Don’t leave your business data as a seasonal gift for criminals

News

Don’t leave your business data as a seasonal gift for criminals
Iron Mountain provides a business check-list for a trouble-free festive break

15 December 2011 - Over the festive break, unattended offices and bad weather can make it challenging for companies to access and protect their information. Many organisations are increasingly allowing staff to work from home in the run up to the holidays, particularly if the weather makes travelling difficult. Often, this means letting information leave the office, placing valuable business assets at higher risk than might normally be the case. At the same time, documents left behind in a deserted workplace could be vulnerable to theft.

Information management company Iron Mountain advises companies to take a few practical steps to minimise the risks associated with the extended holiday period.

“This time of year brings a much longed-for holiday period for many – a chance to spend time with the family and forget about work,” said Marc Duale, President of International at Iron Mountain. “Many businesses slow down or even close altogether. However, before switching off the lights and closing the door, businesses need to ensure their information is well protected and can be accessed if required. Consequently, we urge business leaders to review their disaster recovery plans at this time of year and make sure every employee is aware of the responsibility they hold to protect company information.”

Practical steps to ensure businesses avoid the risks associated with the winter holiday period:

1. Ensure information management processes are in place for employees who choose to work from home

Guidelines on the use of personal IT

Five practical steps to help businesses become paper-efficient:
Many workers may be tempted to use personal IT equipment to catch up on work-related deadlines over the holiday. While this is fine for checking email through a secure server, it can be tempting for employees to download work documents to their own computer, putting sensitive company materials at risk. Companies should have policies in place to ensure that employees use correct hardware at all times and ensure that the policies are communicated clearly throughout the organisation.

Secure disposal
Well-meaning employees may also print company-sensitive documents or transfer them to a mobile device so they can work during the holiday period without needing to return to the office. It’s imperative that companies brief employees regarding confidential destruction measures, highlighting that it is not acceptable to discard any document in their home waste. Documents should be returned to the office for secure disposal.

Mobile vulnerability
The risk of mobile devices falling into the wrong hands through loss or theft are well publicised and, as a consequence, awareness is growing. However, any extended holiday or time for celebration can increase the risk. With the possibility that mobile devices can walk out the door carrying a host of company information, businesses must have a clear strategy in place for information retrieval and remote wiping.Many organisations hold large archives of paper documents, and they simply don’t know how to start gaining better control over them. The secret lies in segmentation. Companies need to know what they have and where it is. They need to account for business-critical records, operational documents, active and inactive information, and data that is no longer required and due for destruction. This segmentation process will help companies to start to shrink their paper problem – and ensure company resources are focused on managing the most valuable documents.

2. Make sure buildings and IT networks are secured
Businesses should ensure that monitoring systems are live and in place. Disaster recovery plans should be tested and active. Prior to leaving the office for the holidays, provisions must be made to ensure that appropriate action will be taken should an incident occur over the holiday period.

4. Take it off-site On top of the hidden costs of piling up information on site comes the costs in the time that staff must spend storing, managing and retrieving company files. A trusted third-party provider can act as a perimeter fence, taking charge of the majority of inbound paper before it ever reaches the office while keeping track of all compliance issues. Relevant documents can be digitised and plugged into relevant processes such as Accounts Payable, while less essential documents can be stored off-site for an agreed period of time, after which they can be destroyed securely.

3. Brief all employees and reduce ‘insider threat’
It is likely that many businesses will be running with a skeleton workforce over the holidays. With fewer staff, it’s even more important that businesses are confident that each individual is briefed fully on how to deal with a serious incident – training should be provided to all employees so they know how to respond.

A tried and tested Incident Response Programme should be implemented. Businesses should earmark specific employees to take responsibility for the task who will have the ability and authority to make decisions should an incident arise.

During these times of reduced supervision, businesses should be mindful that the risk of ‘insider threat’ will likely be elevated. To reduce the threat, businesses should go back to basics and implement employee vetting procedures to ensure that the right people are in place.

4. Conduct a Business Impact Analysis to assess risks and controls
A Business Impact Analysis should be undertaken every six months as part of best-practice business continuity. This will allow organisations to constantly patrol the waters for potential business vulnerabilities and review previous activity.

About Iron Mountain:
Iron Mountain Incorporated (NYSE: IRM) provides information management services that help organisations lower the costs, risks and inefficiencies of managing their physical and digital data. The Company’s solutions enable customers to protect and better use their information—regardless of its format, location or lifecycle stage—so they can optimise their business and ensure proper recovery, compliance and discovery. Founded in 1951, Iron Mountain manages billions of information assets, including business records, electronic files, medical data, emails and more for organisations around the world. Visit www.ironmountain.co.uk for more information.