Tags: Cyber Law cyber

Protecting Against Physical Data Breaches

Companies struggle to prevent hackers from accessing information stored on company servers. But, did you know that a substantial number of data breaches in the U.S. still occur via theft of physical objects? Paper copies are still highly sought after by criminals. Protecting your company’s information and the personal information of your customers, needs to remain a top priority regardless of how that information is stored.

These are the 5 steps to help protect you, your company, and customers from physical data breaches. These steps can help reduce avoidable losses and the risk of theft of physical objects that contain private information (papers, files, laptops, tablets, drives, smartphones, etc.). 


Plan for it:

  • An ounce of prevention is worth a pound of cure, especially in data security! Creating a company hard copy management policy is a major step to creating a business culture where caution is a habit and security is a priority.
  • Set procedures for how documents used in your business’s operations are processed and for how long they are stored. If your employees have set rules to follow then it is less likely that they will carelessly misplace or lose sensitive documents.

Shred it:

  • If your business no longer has need of a paper record, shred it. Never just throw it into the trash can or recycling bin (shredded paper can be recycled the same as whole sheets). Dumpster diving criminals are still very dangerous if they gain access to intact records.
  • Maintain a standard list of document types that your business always shreds after use. Efficiency of organization is key, always have a clear reason for keeping physical documents on hand.
  • If you would rather outsource the task of shredding documents, there are third-party companies who shred documents for a fee. There are also companies that will securely store your physical data offsite for you.

Prove it:

  • Recording that a document was destroyed is just as important as shredding it in the first place. This way if a data breach occurs with one of your clients, you can specify when and how that the document was destroyed, this makes it easier to pinpoint where data was leaked. Make sure you record the date and location of where the document was stored as well.

Lock it:

  • Whether it is your office desk, filing cabinet, tablet, or smartphone, it needs to be locked. Everyone wishes that theft will never occur in their office, but the reality is that you can never sure.
  • Keeping all physical storage locations locked keeps your business’s private information secure from both internal and external threats. Again no one wants to believe their own employees are capable of information theft, but keep access limited as a precaution.
  • Your documents should also be stored and locked away from maintenance and cleaning staff for security and privacy reasons. The staff could even mistakenly throw away personal records if they are left lying about the workplace.

Conceal it:

  • It might seem like a no brainer but do not leave items that contain private information out in the open, this increases the chance of theft. Employees should always keep devices and physical documents on their person when taking them outside the office.
  • Always keep personal items in your sight or out of sight of strangers if you are not present. Common examples include leaving a tablet on the table at a restaurant when using the restroom or leaving a laptop bag in the back seat of an unattended vehicle.
  • If you must leave something in your car keep it locked in the glove box or trunk, criminals do not randomly pick vehicles, they are looking for the easy targets.
  • If you are the only person from your company at a restaurant or café, put your laptop, tablet, or phone in a briefcase, purse, or carrying bag and take it with you when you leave the table to use the restroom. It might seem awkward but it is always better to be safe.

When forming your document management policy you should be aware of all existing regulations and laws relevant to your industry. For more information or to answer questions related to cybersecurity law contact the Goosmann Law Firm at info@goosmannlaw.com or (712) 226-4000.

CONTACT US

Subscribe Our Blog

DISCLAIMER: The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. By visiting this website, blog, or post you understand that there is no attorney client relationship between you and the Goosmann Law Firm attorneys and website publisher. No information contained in this post should be construed as legal advice from Goosmann Law Firm, PLC, or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.