A survey of more than 500 small and medium business owners and managers revealed that only two-thirds of them consider invoices worthy of secure destruction, thereby signifying how improper handling of invoices is compromising enterprise data.
Small and medium business owners and managers consider employee wages, enterprise financial data and personal employee data more sensitive compared to invoices, details of competitor lists and company structure.
The survey, conducted by document shredding and archiving firm Russell Richardson, has revealed a glaring yet untouched aspect of enterprise security. While the narrative around enterprise security is mostly dominated by conversations around the security of digital content, the relevance of perimeter security and cyber hygiene at the workplace, not much has been discussed about the security of chunks of paperwork printed every day at thousands of enterprises across the UK.
While enterprises are adopting digitisation at a fast pace, most small and medium business owners continue to rely on paperwork, be it invoices, salary slips, tender documents, contracts or work orders. Considering that such papers carry huge amounts of sensitive enterprise data as well as details of clients and customers, securing them and preventing them from falling into the hands of third parties or competitors is as essential as implementing cyber security practices.
The survey, conducted on more than 500 small and medium business owners and managers across the UK, has thrown up interesting findings of how serious today’s businesses are about the security of their printed documents.
It revealed that 95% small and medium business owners and managers considered personal employee data important enough to shred them and to store them securely. At the same time, 90% and 88% of them considered company financial information and wage information worthy of secure destruction.
However, when it came to shredding other kinds of documents, only 67.5% and 51.5% considered invoices and documents pertaining to company structure worthy of secure destruction. A mere 42.3% considered competitor lists secure enough to be shredded. This signifies that small and medium businesses currently stand highly exposed to data breaches as it is relatively easier for third parties with criminal intent to gain access to sensitive documents like invoices, competitor lists and company structure.
According to Russell Richardson, company structure information includes information on business models and company goals that would be of interest to rival companies, information on senior team members, making them targets for headhunters, and emphasise the presence of hierarchy within the business, thus creating tension among colleagues.
‘In a busy office environment, it can be easy to discard printed reports, photocopied invoices and even casual, handwritten notes without thought, or place them in disorganised piles when they’re no longer needed, rather than disposing of them safely and properly. What’s more, hard copies can often contain original signatures and/or photo identification, which render such documents even more sensitive,’ the firm noted.
‘Lack of vigilance over tangible data can cost companies dearly, whether it’s a failure to store the data securely enough or by not destroying it properly. It may sound obvious but simply throwing paper in the recycling bin will not eradicate its contents — and neither will pushing pages into the cumbersome line shredders often found in offices,’ it added.
This being the case, the firm suggests that businesses, whether small, medium or large, should ensure that their confidential waste paper is destroyed securely and sustainably by outsourcing the service to professionals. This will ensure that such sensitive documents will be stored and shredded outside office premises and will help businesses meet their data protection responsibilities ahead of the upcoming data protection law.